Implementing anti-abuse techniques on ISP networks....

J.D. Falk jdfalk at
Wed Aug 6 23:00:14 UTC 1997

On Aug 6, Christopher Masto <chris at> wrote: 

> On Tue, Aug 05, 1997 at 12:30:25PM -0400, Greg A. Woods wrote:
> > The other issue mentioned by Dana is the fact that everyone (esp. the
> > "huge players"!) should have already implemented anti-spoofing IP
> > filters and should also be preventing dial-up customers from connecting
> > to anything but the providers authorised mail gateways on port 25.
> > (I still don't know why routers don't default to minimum anti-spoofing
> > and private net filtering rules!)
> I don't know about the "huge players", but we're an Internet Service
> Provider, not an Internet Blockage Provider.  We don't allow spoofing,
> and we don't allow relaying, but we're not about to put filters
> to prevent dialup customers from connecting wherever they want.

	How 'bout to stop them from connection wherever they want,
	spoofing their IP address so it looks like it's your box at
	home that's hacking into the NSA instead of them?

	This is an extreme example, but hopefully it illustrates the
	reason that a little simple filtering is a Good Thing[TM].

J.D. Falk                         voice: +1-415-482-2840 	
Supervisor, Network Operations      fax: +1-415-482-2844
See us at ISPCON '97, booth #501
"The People You Know.  The People You Trust."

More information about the NANOG mailing list