Abuse procedures... Reality Checks

J. Oquendo sil at infiltrated.net
Wed Apr 11 15:28:27 UTC 2007


Valdis.Kletnieks at vt.edu wrote:
> * PGP Signed by an unverified key: 04/11/07 at 11:21:15
>
> On Wed, 11 Apr 2007 07:07:19 EDT, "J. Oquendo" said:
>   
>> these so called rules? Many network operators are required to
>> do a lot of things, one of these things should be the
>> mitigation of malicious traffic from LEAVING their network.
>>     
>
> And I want a pony.
>
> We don't even do a (near) universal job of filtering rfc1918 addresses
> and spoofed addresses.  We aren't filtering obvious bogon packets, how
> do you propose we filter less obvious malicious traffic (is that SYN
> packet legit, or part of a DDOS, or just a slashdotting of a suddenly
> popular site?).
>
>
> * Valdis Kletnieks <valdis.kletnieks at vt.edu>
> * 0xB4D3D7B0 - Unverified
>   
When you say we, speak for yourself and your own networks. There ARE some
people who do take the time to properly design their networks. It is the
same "Well since Billy didn't do it neither will I" attitude that makes
me never think twice about blocking CIDRs.

Since 'THEY' (your "WE") didn't properly configure their network, why
should I think twice about letting it into my backyard? I guess it's calling
for too much for network operators to actually do their work though and I
guess considering IPv6 is like how many years away now, I can expect that
much of a wait for people to implement what should have been done from the
onset.

I don't care how filtering gets done from someone else. Like I said if I
can watch and control what comes out of my networks using raw tools on
nix machines, you cannot with a straight face/typing method tell me that
someone at one of these big providers can't clue themselves in to getting
malicious traffic controlled.

Should someone want to comment about "oh golly the cost is outrageous"
I say bs... It's utter laziness from my eyes. So here I go politely
pointing it out... If I can do it with a couple of thousand machines on
my VERY OWN, not a "team", not a "department" but me, in a matter of
minutes, situate my network to not send out crap, then why can't these
companies? I'd like to hear something logical, not someone's opinion.
Something like "According to ARIN/IEEE specifications of foobarfoo,
operators are not allowed to view traffic entering or leaving their
networks" which hinders this. There is no reason I could think of,
no scenario I could imagine, that would prohibit network operators
from putting the nail in the coffin with stuff LEAVING THEIR NETS.

Note the word LEAVING now. If it doesn't leave, you wouldn't have
complaints from some other operator now would you?



-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams
