do not filter your customers

Steven Bellovin smb at
Fri Feb 24 18:10:23 UTC 2012

On Feb 24, 2012, at 7:46 40AM, Danny McPherson wrote:

> On Feb 23, 2012, at 10:42 PM, Randy Bush wrote:
>> the problem is that you have yet to rigorously define it and how to
>> unambiguously and rigorously detect it.  lack of that will prevent
>> anyone from helping you prevent it.
> You referred to this incident as a "leak" in your message:
> "a customer leaked a full table"
> I was simply agreeing with you -- i.e., looked like a "leak", smelled 
> like a "leak" - let's call it a leak.
> I'm optimistic that all the good folks focusing on this in their day
> jobs, and expressly funded and resourced to do so, will eventually
> recognize what I'm calling "leaks" is part of the routing security 
> problem.
Sure; I don't disagree, and I don't think that Randy does.  But just
because we can't solve the whole problem, does that mean we shouldn't
solve any of it?

As Randy said, we can't even try for a strong technical solution
until we have a definition that's better than "I know it when I see it".

		--Steve Bellovin,

More information about the NANOG mailing list