Death of the Internet, Film at 11
larrysheldon at cox.net
Tue Oct 25 23:54:22 UTC 2016
On 10/25/2016 08:26, Rich Kulawiec wrote:
> On Fri, Oct 21, 2016 at 10:53:42PM -0700, Ronald F. Guilmette wrote:
>> Recent events, like the Krebs DDoS and the even bigger OVH DDoS, and
>> today's events make it perfectly clear to even the most blithering of
>> blithering idiots that network operators, en mass, have to start scanning
>> their own networks for insecurities.
> And start monitoring their own networks for *outbound* attacks. Too many
> people focus exclusively on inbound attacks, never realizing that every
> attack inbound to them is outbound from somewhere else.
What is it? 20 years? since the first time I was banned from NANOG for
saying that the world would be a nicer place if EVERY true router
refused to forward a packet whose SOURCE could not be reached from the
port question. (May not be stated clearly, but idea seems simple
enough: If the proposed ICMP message would not be routed to the port
the packet came from, the best plan is probably to log the event and
drop the ICMP and the rogue packet on the floor.)
"Everybody is a genius. But if you judge a fish by
its ability to climb a tree, it will live its whole
life believing that it is stupid."
From Larry's Cox account.
More information about the NANOG