NSPs and filters

Phil Howard phil at charon.milepost.com
Sat Jul 12 15:09:15 UTC 1997


Jon Lewis writes...

> Why is it that the NSPs I've encountered refuse to do any sort of sanity
> filtering on their customer connections?  i.e. If UUNet knows that FDT has
> only 205.229.48/20 and 208.215.0/20, why should they let me send traffic
> through their network with random source addresses?

I'm assuming that they don't want to overload their router with all that
extra filtering, especially on the interface inbounds.

OTOH, I've always believed that all routers should be required to apply
routing decisions first to the source address and determine if the interface
it arrived on is at least a valid return path (not necessarily best) and if
not, drop the packet.  Then do the destination work.

Again, too much work for the routers to do.

But then, I wonder how much work they are doing routing source forged
packets and other denial of service traffic.

-- 
Phil Howard KA9WGN   +-------------------------------------------------------+
Linux Consultant     |  Linux installation, configuration, administration,   |
Milepost Services    |  monitoring, maintenance, and diagnostic services.    |
phil at milepost.com +-------------------------------------------------------+



More information about the NANOG mailing list