[Full-Disclosure] Odd packet?
Steffen Schumacher
ssch at wheel.dk
Wed May 26 18:57:01 BST 2004
On 26.05.2004 13:16:52 +0000, Jeff Kell wrote:
> Valdis.Kletnieks at vt.edu wrote:
>
> >3) An amazing number of ISPs do *not* do proper ingress/egress filtering.
>
> Well, when you're cranking gigabits sometimes those little checks can
> become a bottleneck.
>
Very few customers have gig lines, and those which do, have most likely
paid enough money for it that antispoofing checks is affordable for the
ISP. Please remember that antispoofing is only done at the edge of the ISP
net.. inside it every thing is the way it should be of course..
So I have to disagree - doing antispoofing checks doesn't cost that much
in router performance vs. for instance increased routes in you routing
table..
> Besides, safe routing begins at home. If end-users (or endpoints) would
> do ingress/egress filtering, there wouldn't be a problem. I'm not so
> certain we should place the blame on the core backbone for passing the
> packets it is sent without alteration.
>
Sure end-users are more then welcome to help, but ISP's still have to protect
customers from themselves, and from other evil customers..
But no - the core has no fault, but the ISP edge routers do if they don't
do anitspoofing checks..
/Steffen
> Jeff
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Full-Disclosure is hosted and sponsored by Secunia.