On Mon, 14 Feb 2000, Josh Bailey wrote:
On Tue, 15 Feb 2000, Dean Pemberton wrote:
ie, should ISP's filter traffic to clients based on sensible rules of should they just provide IP dialtone and leave the filtering up to the client.
I am wary of vigilante-style enforcement of this sort of thing developing - people putting up access lists, etc preemptively, against the "other guy" because in someone's opinion they didn't set up their network "correctly."
I'm not sure that's what's being discussed. Most of the real problem of
(D)DoS attacks is, IMO, forging to make it (more) difficult to identify
which machines are the source of the attack.
If a customer has been assigned addresses X thru Z, it has _no_ need to be
able to generate traffic from addresses A thru W, but that is usually the
case with most ISPs. "Sensible rules" means to me dropped traffic with
sources outside their assigned range.
This should not impact their ability to use the connection.
All IMO, I'm not claiming a complete correct answer either..
--
David Zanetti