Death of the Internet, Film at 11

• Previous message (by thread): Death of the Internet, Film at 11
• Next message (by thread): Death of the Internet, Film at 11
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/25/2016 08:26, Rich Kulawiec wrote:
> On Fri, Oct 21, 2016 at 10:53:42PM -0700, Ronald F. Guilmette wrote:
>> Recent events, like the Krebs DDoS and the even bigger OVH DDoS, and
>> today's events make it perfectly clear to even the most blithering of
>> blithering idiots that network operators, en mass, have to start scanning
>> their own networks for insecurities.
>
> And start monitoring their own networks for *outbound* attacks.  Too many
> people focus exclusively on inbound attacks, never realizing that every
> attack inbound to them is outbound from somewhere else.

What is it? 20 years? since the first time I was banned from NANOG for 
saying that the world would be a nicer place if EVERY true router 
refused to forward a packet whose SOURCE could not be reached from the 
port question.  (May not be stated clearly, but idea seems simple 
enough:  If the proposed ICMP message would not be routed to the port 
the packet came from, the best plan is probably to log the event and 
drop the ICMP and the rogue packet on the floor.)

-- 
"Everybody is a genius.  But if you judge a fish by
its ability to climb a tree, it will live its whole
life believing that it is stupid."

--Albert Einstein

 From Larry's Cox account.

• Previous message (by thread): Death of the Internet, Film at 11
• Next message (by thread): Death of the Internet, Film at 11
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]