Where are static bogon filters appropriate? was: 220.127.116.11/16 Bogons
swmike at swm.pp.se
Tue Mar 6 20:54:06 UTC 2007

On Tue, 6 Mar 2007, Sean Donelan wrote:

> Isn't this true of everything (bad source addresses, worms, abuse, etc).
> Does hiding/ignoring the problem just make it worse because there is no
> incentive to fix the problem while it is still a small problem? If it
> isn't important enough to bother the customer, why bother to fix it?

Let's take a concrete example:

Customer gets hacked, one of their boxen starts spewing traffic with
spoofed addresses. The way I understand your solution is to automatically
shut their port and disrupt all their traffic, and have them call customer
support to get any further.

Do you really think this is a good solution?

I don't see any customer with a choice continuing having a relationship
with me if I treat them like that. It will cost me and them too much.

So instead I just drop their spoofed traffic and if they call and say that
their line is slow, I'll just say it's full and they can themselves track
down the offending machine and shut it off to solve the problem.

Mikael Abrahamsson email: swmike at swm.pp.se