Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-20 Thread bmanning
untrue for a backbone. randy there appears to be a disconnect in the wording of the IAB document: it starts: IAB concerns against permanent deployment of edge-based filtering The IAB notes that there are ISPs/ASes undertaking permanent deployment of edge-based protocol number/port number

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-20 Thread Randy Bush
for a backbone. there appears to be a disconnect in the wording of the IAB document: it starts: IAB concerns against permanent deployment of edge-based filtering The IAB notes that there are ISPs/ASes undertaking permanent deployment of edge-based protocol number/port number packet filtering

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-20 Thread Stephane Bortzmeyer
On Mon, Oct 20, 2003 at 05:00:58AM -0700, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote a message of 35 lines which said: then there is the idea of permanent deployment ... little is permanent in networking. the hard problem is when vendors put filters in silicon. :( I

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-20 Thread Owen DeLong
for it. very true for a host, even somewhat true for a site. very untrue for a backbone. randy there appears to be a disconnect in the wording of the IAB document: it starts: IAB concerns against permanent deployment of edge-based filtering The IAB notes that there are ISPs/ASes undertaking permanent

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-20 Thread Howard C. Berkowitz
somewhat true for a site. very untrue for a backbone. randy there appears to be a disconnect in the wording of the IAB document: it starts: IAB concerns against permanent deployment of edge-based filtering The IAB notes that there are ISPs/ASes undertaking permanent deployment of edge-based protocol

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-19 Thread bmanning
On 18 okt 2003, at 23.28, [EMAIL PROTECTED] wrote: and if they are useful to the folks on my network, the ports will be opened up. This is where we are disagreeing. Remember: - The Robustness Principle: Be conservative in what you do, be liberal in what you accept from

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-19 Thread Randy Bush
prudent/paranoid folk over the years have persuaded me that it makes the best sense to only run those applications/services that I need to and shut off everything else - until/unless there is a demonstrated need for it. very true for a host, even somewhat true for a site. very untrue for

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-18 Thread Jack Bates
Jun-ichiro itojun Hagino wrote: While short term traffic filters are deployed, the appropriate recommended longer term action is to: Edge networks have a lot more to upgrade than backbone networks. Obtaining IOS code that works for all the different types of routers and meets the ISP's policy is

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-18 Thread Pekka Savola
On Sat, 18 Oct 2003, Jack Bates wrote: Jun-ichiro itojun Hagino wrote: While short term traffic filters are deployed, the appropriate recommended longer term action is to: Edge networks have a lot more to upgrade than backbone networks. [...] Agreed, but when an edge network fails to

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-18 Thread Leo Bicknell
In a message written on Sat, Oct 18, 2003 at 07:39:37AM -0700, [EMAIL PROTECTED] wrote: why the heck does the IAB think they should tell me how to run my network? I think the IAB has a legitimate point. Network operators rely today on the fact that different services use different ports, so

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-18 Thread bmanning
why the heck does the IAB think they should tell me how to run my network? --bill

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-18 Thread Randy Bush
why the heck does the IAB think they should tell me how to run my network? i don't think expressing concerns is telling you what you MUST do. but all in all i suspect the iab's motivations were because your network (btw, which one is that?) is part of the INTERnet, and we would like it all

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-18 Thread Eric Gauthier
I think the IAB has a legitimate point. Network operators rely today on the fact that different services use different ports, so they can block particular types of access/behavior by blocking ports. I think the IAB has a legitimate point and I agree with it 100%. Unfortunately, I also

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-18 Thread Leo Bicknell
In a message written on Sat, Oct 18, 2003 at 12:26:21PM -0400, Eric Gauthier wrote: Again, I definitely agree with the IAB's recommendation. However, it's difficult to defend this point of view in practice since most of the equipment does basic packet filtering in hardware or with minimal

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-18 Thread bmanning
I think the IAB has a legitimate point. perhaps. but last I checked, it was the Internet Architecture Board not the Internet Operations Board. So from an architectural purity perspective, sure, don't filter (and by extension, pull out firewalls and NATS

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-18 Thread Valdis . Kletnieks
On Sat, 18 Oct 2003 11:14:42 PDT, [EMAIL PROTECTED] said: There is a real danger that long-term continued blocking will lead to everything on one port fair amount of handwaving there. Question: Why was RFC3093 published? (Think(*) for a bit here...) About a month later, there

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-18 Thread E.B. Dreger
Date: Sat, 18 Oct 2003 11:14:42 -0700 (PDT) From: [EMAIL PROTECTED] perhaps. but last I checked, it was the Internet Architecture Board not the Internet Operations Board. So from an architectural purity perspective, sure, don't filter (and by extension, pull out

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-18 Thread bmanning
There is a real danger that long-term continued blocking will lead to everything on one port fair amount of handwaving there. Question: Why was RFC3093 published? (Think(*) for a bit here...) About a month later, there was a *major* flame-fest on the IETF list due to this

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-18 Thread Eliot Lear
Valdis hits the nail on the head. And this boils down to something that I believe is attributable to someone commenting on the old FSP protocol, perhaps Erik Fair: The Internet routes around damage. Damage can take the form of a broken link, or it can take the form of an access-list. In

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-18 Thread Valdis . Kletnieks
On Sat, 18 Oct 2003 14:28:10 PDT, [EMAIL PROTECTED] said: ... part of the INTERnet, and we would like it all to interoperate end to end. that must be the royal we... Nope. The collective we. If you aren't in the set of people who wants things to interoperate, why are you

IAB concerns against permanent deployment of edge-based filtering

2003-10-17 Thread Jun-ichiro itojun Hagino
IAB concerns against permanent deployment of edge-based filtering The IAB notes that there are ISPs/ASes undertaking permanent deployment of edge-based protocol number/port number packet filtering on traffic received from eBGP peers. As a short term response to security incidents this is a prudent