do not filter your customers

Steven Bellovin smb at cs.columbia.edu
Fri Feb 24 12:10:23 CST 2012


On Feb 24, 2012, at 7:46 40AM, Danny McPherson wrote:

> 
> On Feb 23, 2012, at 10:42 PM, Randy Bush wrote:
> 
>> the problem is that you have yet to rigorously define it and how to
>> unambiguously and rigorously detect it.  lack of that will prevent
>> anyone from helping you prevent it.
> 
> You referred to this incident as a "leak" in your message:
> 
> "a customer leaked a full table"
> 
> I was simply agreeing with you -- i.e., looked like a "leak", smelled 
> like a "leak" - let's call it a leak.
> 
> I'm optimistic that all the good folks focusing on this in their day
> jobs, and expressly funded and resourced to do so, will eventually
> recognize what I'm calling "leaks" is part of the routing security 
> problem.
> 
Sure; I don't disagree, and I don't think that Randy does.  But just
because we can't solve the whole problem, does that mean we shouldn't
solve any of it?

As Randy said, we can't even try for a strong technical solution
until we have a definition that's better than "I know it when I see it".



		--Steve Bellovin, https://www.cs.columbia.edu/~smb








More information about the NANOG mailing list