[NCLUG] Egress Filtering

Sean Reifschneider jafo-nclug at tummy.com
Sat Aug 11 11:02:44 MDT 2001


On Fri, Aug 10, 2001 at 11:22:50PM -0600, John L. Bass wrote:
>The problem with starting to filter, is where to stop. It's kinda like
>mistaking the Atlantic, for a local pond. EVERYBODY has their favorite
>swamp to drain. Filtering

So you would vote against filtering out packets that are obviously invalid?
In Evi Nemeth's talk to BLUG last year, she quoted stats that a fairly
large percentage of the packets running across the large backbone sites
were 10.* sort of non-routable IPs, which you couldn't expect to get a
reply by using.  The big providers couldn't filter it out because of the
load it caused...

Add to that the problems of spoofed source addresses used with compromise
or DoS activity...

If you're not part of the solution, you're probably part of the problem.

Oh, last night I found out that @Home does do filtering, while FRII does
not...

Sean
-- 
 Good idea: Slaves Girls of Gor
 Bad idea: Slave Girls of Al Gore.
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
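
An added example, not part of the original message: a sketch of the egress decision the thread is arguing about, applied at a site's border to the source address of each outbound packet. The site prefix (a documentation range), the verdict names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Sources that can never receive a reply across the public Internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private space
    "127.0.0.0/8",                                     # loopback
    "169.254.0.0/16",                                  # link-local
    "0.0.0.0/8",                                       # "this network"
)]

# Assumption: the prefixes this site was actually assigned (documentation range).
SITE_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]


def egress_verdict(src, site_prefixes=SITE_PREFIXES):
    """Decide what a border router should do with an outbound packet from src."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop-malformed"
    if any(addr in net for net in NON_ROUTABLE):
        return "drop-non-routable"     # e.g. the 10.* traffic seen on backbones
    if not any(addr in net for net in site_prefixes):
        return "drop-foreign-source"   # not an address we own: likely spoofed
    return "forward"


def summarize(sources, site_prefixes=SITE_PREFIXES):
    """Tally verdicts for a batch of outbound source addresses."""
    return Counter(egress_verdict(s, site_prefixes) for s in sources)


# Constructed sample of outbound source addresses seen on the site's uplink.
SAMPLE = ["198.51.100.7", "10.1.2.3", "192.168.0.20", "203.0.113.9",
          "198.51.100.200", "172.16.5.5", "not-an-ip"]

if __name__ == "__main__":
    for src in SAMPLE:
        print(f"{src:16} {egress_verdict(src)}")
    print(dict(summarize(SAMPLE)))
```

Filtering at the customer edge keeps this check cheap, since each site only needs to know its own prefixes.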
