On Wed, 16 Feb 2000, David Zanetti wrote:
If a customer has been assigned addresses X thru Z, it has _no_ need to be able to generate traffic from addresses A thru W, but that is usually the case with most ISPs. "Sensible rules" means to me dropped traffic with sources outside their assigned range.
The problem with rules is they are very easy to stuff up. Currently very few companies (or ISPs for that matter) are connecting to multiple ISPs but I would expect the number to grow over time. Every time one of these connects you have to ensure (or sometimes manually update) your filters are not causing them problems. For example if (say) a company has a DDS to clear but runs their procy server via an ihug satellite system then Clear will see ihug ip's originating inside their network. I know of at least one company that does this BTW. connect.com over is Aus have very heavy filters on traffic in various directions which can cause all sorts of problems, they also seem to be having other problems over the last week. -- Simon Lyall. | Newsmaster | Work: simon.lyall(a)ihug.co.nz System/Network Admin. | T&C Enforcement | Home: simon(a)darkmere.gen.nz Ihug Limited, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog