Implementing anti-abuse techniques on ISP networks....
J.D. Falk
jdfalk at priori.net
Wed Aug 6 23:00:14 UTC 1997
On Aug 6, Christopher Masto <chris at netmonger.net> wrote:
> On Tue, Aug 05, 1997 at 12:30:25PM -0400, Greg A. Woods wrote:
> > The other issue mentioned by Dana is the fact that everyone (esp. the
> > "huge players"!) should have already implemented anti-spoofing IP
> > filters and should also be preventing dial-up customers from connecting
> > to anything but the providers authorised mail gateways on port 25.
> > (I still don't know why routers don't default to minimum anti-spoofing
> > and private net filtering rules!)
>
> I don't know about the "huge players", but we're an Internet Service
> Provider, not an Internet Blockage Provider. We don't allow spoofing,
> and we don't allow relaying, but we're not about to put filters
> to prevent dialup customers from connecting wherever they want.
How 'bout to stop them from connection wherever they want,
spoofing their IP address so it looks like it's your box at
home that's hacking into the NSA instead of them?
This is an extreme example, but hopefully it illustrates the
reason that a little simple filtering is a Good Thing[TM].
*********************************************************
J.D. Falk voice: +1-415-482-2840
Supervisor, Network Operations fax: +1-415-482-2844
PRIORI NETWORKS, INC. http://www.priori.net
See us at ISPCON '97, booth #501
"The People You Know. The People You Trust."
*********************************************************
More information about the NANOG
mailing list