nanog mailing list archives

Re: How to secure the Internet in three easy steps

From: Paul Vixie <paul () vix com>
Date: Fri, 25 Oct 2002 19:38:39 +0000

1. Require all providers install and manage firewalls on all subscriber
connections enforcing source address validation.


i can see how the end to end principle applies in cases 2 and 3, but not 1.


I didn't make any of these up.  They've all been proposed by serious,
well-meaning people.


i recommend caution with your choice of words.  apparently not everyone
treats "well meaning" as the compliement that it is.

If you have 2 and 3, why do you need to waste global addresses on 1.


i don't believe that 2 or 3 will ever happen, for simple market reasons --
it is harder to make money if you do 2 or 3.  however, 1 only costs a small
bit of ops expense, and has no market impact at all, so it's practical in
simple economic terms.

Its a mis-understanding of what source address validation is.  Some folks
think it should work like ANI, where the telephone company writes the
"correct" number on the call at the switch.


ouch.  i guess you're right.  perhaps a copy of BCP38 should come with
every router sold?

Current thread:

Re: DNS issues various, (continued)
- - - Re: DNS issues various Kelly J. Cooper (Oct 24)
    - Re: DNS issues various Valdis . Kletnieks (Oct 24)
    - Re: DNS issues various Barry Shein (Oct 24)
    - Re: DNS issues various Sean Donelan (Oct 24)
    - Re: DNS issues various Barry Shein (Oct 24)
    - Re: DNS issues various Peter Salus (Oct 24)
    - Re: DNS issues various Ben Browning (Oct 24)
    - How to secure the Internet in three easy steps Sean Donelan (Oct 25)
    - Re: How to secure the Internet in three easy steps Paul Vixie (Oct 25)
    - Re: How to secure the Internet in three easy steps Sean Donelan (Oct 25)
    - Re: How to secure the Internet in three easy steps Paul Vixie (Oct 25)
    - RE: How to secure the Internet in three easy steps Sameer R. Manek (Oct 25)
    - Re: How to secure the Internet in three easy steps Etaoin Shrdlu (Oct 25)
    - Re: How to secure the Internet in three easy steps Ryan Fox (Oct 25)
    - Re: How to secure the Internet in three easy steps Paul Vixie (Oct 25)
    - Re: How to secure the Internet in three easy steps Sean Donelan (Oct 25)
    - Re: How to secure the Internet in three easy steps Scott Granados (Oct 25)
    - Re: How to secure the Internet in three easy steps batz (Oct 25)
    - Re: How to secure the Internet in three easy steps Paul Vixie (Oct 25)
    - Re: How to secure the Internet in three easy steps Sean Donelan (Oct 26)
    - Odd behavior Joe (Oct 26)

(Thread continues...)