nanog mailing list archives

Re: Clueless service restrictions (was RE: Anti-spam System Idea)

From: John Kristoff <jtk () northwestern edu>
Date: Tue, 17 Feb 2004 16:59:58 -0600


On Tue, 17 Feb 2004 21:48:18 +0000
Alex Bligh <alex () alex org uk> wrote:

a) Some forms of filtering, which do occasionally prevent the customer
   from using their target application, are in general good, as the
   operational (see, on topic) impact of *not* applying tends to be
   worse than the disruption of applying them. Examples: source IP
   filtering on ingress, BGP route filtering. Both of these are known
   to break harmless applications. I would suggest both are good things.


There are some potential applications that these can break also.  For
example, a distributed application that sends out probes might wish to
use the source IP address of a remote collector that is used to measure
time delay or network path information.  If Lumeta could have tunnels
to a bunch of hosts, send traceroutes to various Internet places through
those tunnels and have the tunneled hosts use Lumeta's IP as the source
IP, they could build a pretty cool distributed peacock map.

It is of course difficult to find a way to use these legitimate types of
apps today without the infrastructure succumbing to attacks such as the
source spoofed DoS traffic floods.

John

Current thread:

Re: Clueless service restrictions (was RE: Anti-spam System Idea), (continued)
- - - Re: Clueless service restrictions (was RE: Anti-spam System Idea) Stephen J. Wilcox (Feb 17)
    - Re: Clueless service restrictions (was RE: Anti-spam System Idea) Joel Jaeggli (Feb 17)
    - Re: Clueless service restrictions (was RE: Anti-spam System Idea) Alex Bligh (Feb 17)
    - Re: Clueless service restrictions (was RE: Anti-spam System Idea) Steven M. Bellovin (Feb 17)
    - Re: Clueless service restrictions (was RE: Anti-spam System Idea) Steve Uurtamo (Feb 17)
    - Re: Clueless service restrictions (was RE: Anti-spam System Idea) Alex Bligh (Feb 17)
    - RE: Clueless service restrictions (was RE: Anti-spam System Idea) Tony Hain (Feb 17)
    - RE: Clueless service restrictions (was RE: Anti-spam System Idea) Alex Bligh (Feb 17)
    - RE: Clueless service restrictions (was RE: Anti-spam System Idea) Tony Hain (Feb 17)
    - Re: Clueless service restrictions (was RE: Anti-spam System Idea) Paul Jakma (Feb 18)
    - Re: Clueless service restrictions (was RE: Anti-spam System Idea) John Kristoff (Feb 17)
    - Re: Clueless service restrictions (was RE: Anti-spam System Idea) Todd Vierling (Feb 17)
    - Re: Clueless service restrictions (was RE: Anti-spam System Idea) Dave Crocker (Feb 18)
    - RE: Clueless service restrictions (was RE: Anti-spam System Idea) Tony Hain (Feb 18)
    - Re: Clueless service restrictions (was RE: Anti-spam System Idea) Guðbjörn S . Hreinsson (Feb 18)
    - Re: Clueless service restrictions (was RE: Anti-spam System Idea) Dave Crocker (Feb 18)
    - Re: Clueless service restrictions (was RE: Anti-spam System Idea) Guðbjörn S . Hreinsson (Feb 18)
    - Re: Anti-spam System Idea Sean Donelan (Feb 15)
    - Re: Anti-spam System Idea Tim Wilde (Feb 15)
- Re: Anti-spam System Idea Stephen Sprunk (Feb 15)
  - RE: Anti-spam System Idea Tim Thorpe (Feb 15)

(Thread continues...)