ICMP Attacks???????
Danny McPherson
danny at genuity.net
Thu Aug 21 22:21:26 UTC 1997
> That's helpful, but even as an RFC people still have to be aware that
> the problem exists before they do anything about it. A typical person
> that I deal with would be a small networking integrator that is selling
> Bay routers to school districts. This is not somebody who reads
> RFCs, and most of them don't have any idea what issues face the
> Internet today. I'm not sure what we can do, but this is one of the
> types of people that severely need the education. I guess it probably
> falls back on the vendors here to educate their resellers and customers.
Ideally, ingress filtering would be applied as close to the edges as possible.
This, for obvious reasons (one of which you pointed out above), isn't
feasible. What is feasible is that all providers that possess some amount of
cluefulness (this should cover *most* at the public exchanges), deploy
ingress filtering on their customer connections.
IMO, vendors should only be accountable for providing mechanisms to put these
policies in place, most of which already exist. It's the responsibility of
the participants of groups such as this to see that those policies are
deployed.
-danny
More information about the NANOG
mailing list