what's that smell?

Barb Dijker barb at netrack.net
Tue Oct 8 20:56:17 UTC 2002


At 11:51 AM 10/8/02 -0700, John M. Brown wrote:

>We in the technical community need to develop or modify our tools to
>make those tasks easier.

So right. I don't know what the fuss is all about.  Not that our little ISP 
matters in the grand scheme of things... but we've always blocked RFC1918 
sources the old-fashioned way, even though it appears to be less than .05% 
(by packet) of our border traffic:

(outgoing)
Extended IP access list 101
     deny ip 127.0.0.0 0.255.255.255 any
     deny ip 10.0.0.0 0.255.255.255 any (110170 matches)
     deny ip 172.16.0.0 0.15.255.255 any
     deny ip 192.168.0.0 0.0.255.255 any (130473 matches)
     permit ip any any (530422134 matches)

We get just as much (.05%) RFC1918 coming _into_ our podunk network (that 
we also block).  If that much is coming down my insignificant alley, I have 
no problem believing your 12-18% numbers at tier 1.  Those packets are by 
definition junk or malicious junk packets.  They have no business being on 
any pipe that is not a leaf enterprise.

(incoming - abbreviated)
Extended IP access list 100
     deny ip 127.0.0.0 0.255.255.255 any (111 matches)
     deny ip 10.0.0.0 0.255.255.255 any (105016 matches)
     deny ip 172.16.0.0 0.15.255.255 any (27671 matches)
     deny ip 192.168.0.0 0.0.255.255 any (66627 matches)
     permit ip any any (475732704 matches)

The big guys apparently have so much bandwidth to spare that these and 
other unverifiable, unrepliable packets don't matter to them.  If DoS and 
other activity hurt them as much as it hurt folks like us, there would be 
fewer excuses and more solutions and implementations.

ISPs bill customers for traffic on the edge.  If you filter one hop from 
the edge (interior of the edge router - fewer interfaces that way too) or 
at your border, then you can have your cake (money from the customer) and 
eat it too (filter RFC1918).  Of course you would then be charging 
customers for packets you don't pass.  They'll never know, and I never met 
a bean counter that cared about such details anyway... if bean counters are 
making routing policies.

...Barb
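As an added example (not part of Barb's post or anything from NANOG), here is a Python script that parses IOS `show access-lists` output like the two lists quoted above, converts the wildcard masks back into prefixes, works out what share of counted packets hit the RFC1918/loopback denies (the ".05%" figure), and checks, with first-match-wins semantics, that no bogon source prefix slips past because an earlier `permit` shadows its `deny`. The ACL text embedded below is reconstructed from the outgoing list in the post; the ACL names and the `BOGON_SOURCES` list are my own.

```python
import ipaddress
import re

# Constructed sample: the outgoing ACL counters quoted in the post.
ACL_OUTGOING = """\
Extended IP access list 101
     deny ip 127.0.0.0 0.255.255.255 any
     deny ip 10.0.0.0 0.255.255.255 any (110170 matches)
     deny ip 172.16.0.0 0.15.255.255 any
     deny ip 192.168.0.0 0.0.255.255 any (130473 matches)
     permit ip any any (530422134 matches)
"""
# Source prefixes that have no business crossing a border link in either direction.
BOGON_SOURCES = [ipaddress.ip_network(p) for p in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def wildcard_to_prefixlen(wild):
    """IOS wildcard masks are inverted netmasks: 0.15.255.255 -> /12."""
    w = int(ipaddress.IPv4Address(wild))
    if w & (w + 1):                      # low bits must be one contiguous run of 1s
        raise ValueError(f"non-contiguous wildcard {wild}")
    return 32 - w.bit_length()

def parse_acl(text):
    """Return [(action, source network or None for 'any', match count)] in ACL order."""
    aces = []
    for line in text.strip().splitlines()[1:]:     # skip the 'Extended IP access list' header
        toks = line.split()
        action, src = toks[0], toks[2]
        m = re.search(r"\((\d+) matches\)", line)
        matches = int(m.group(1)) if m else 0      # IOS omits the counter when it is zero
        net = None if src == "any" else ipaddress.ip_network(
            f"{src}/{wildcard_to_prefixlen(toks[3])}")
        aces.append((action, net, matches))
    return aces

def denied_share(aces):
    """Fraction of all counted packets that hit a deny entry."""
    total = sum(n for _, _, n in aces)
    return sum(n for a, _, n in aces if a == "deny") / total if total else 0.0

def unfiltered_bogons(aces):
    """Bogon prefixes the ACL would pass: first matching entry decides, as on IOS."""
    leaks = []
    for p in BOGON_SOURCES:
        for action, net, _ in aces:
            if net is None or p.subnet_of(net):
                if action == "permit":
                    leaks.append(p)
                break
    return leaks

if __name__ == "__main__":
    aces = parse_acl(ACL_OUTGOING)
    print(f"denied share: {denied_share(aces):.4%}")
    print("unfiltered bogons:", unfiltered_bogons(aces))
```

Feed it the incoming list (100) the same way to confirm both directions sit under .05%; an ACL that lists `permit ip any any` first will report every bogon prefix as unfiltered.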