ICMP Attacks???????

Danny McPherson danny at genuity.net
Thu Aug 21 22:21:26 UTC 1997

> That's helpful, but even as an RFC people still have to be aware that
> the problem exists before they do anything about it.  A typical person
> that I deal with would be a small networking integrator that is selling
> Bay routers to school districts.  This is not somebody who reads
> RFCs, and most of them don't have any idea what issues face the
> Internet today.  I'm not sure what we can do, but this is one of the
> types of people that severely need the education.  I guess it probably
> falls back on the vendors here to educate their resellers and customers.

Ideally, ingress filtering would be applied as close to the edges as possible. 
 This, for obvious reasons (one of which you pointed out above), isn't 
feasible.  What is feasible is that all providers that possess some amount of 
cluefulness (this should cover *most* at the public exchanges),  deploy 
ingress filtering on their customer connections.

IMO, vendors should only be accountable for providing mechanisms to put these 
policies in place, most of which already exist.  It's the responsibility of 
the participants of groups such as this to see that those policies are 


More information about the NANOG mailing list