Where are static bogon filters appropriate? was: Bogons

Mikael Abrahamsson swmike at swm.pp.se
Tue Mar 6 20:54:06 UTC 2007

On Tue, 6 Mar 2007, Sean Donelan wrote:

> Isn't this true of everything (bad source addresses, worms, abuse, etc). 
> Does hiding/ignoring the problem just makes it worse because there is no 
> incentive to fix the problem while it is still a small problem? If it 
> isn't important enough to bother the customer, why bother to fix it?

Let's take a concrete example:

Customer gets hacked, one of their boxen starts spewing traffic with 
spoofed addresses. The way I understand your solution is to automatically 
shut their port and disrupt all their traffic, and have them call customer 
support to get any further.

Do you really think this is a good solution?

I don't see any customer with a choice continuing having a relationship 
with me if I treat them like that. It will cost me and them too much.

So instead I just drop their spoofed traffic and if they call and say that 
their line is slow, I'll just say it's full and they can themselves track 
down the offending machine and shut it off to solve the problem.

Mikael Abrahamsson    email: swmike at swm.pp.se

More information about the NANOG mailing list