Re[2]: SYN floods (was: does history repeat itself?)

Perry,

This is actually quite simple to implement on Dial Access Routers,
and obviously this is the best place to add the filtering.

Pat R. Calhoun                      e-mail: pcalhoun@usr.com
Project Engineer - Lan Access R&D   phone: (847) 933-5181
US Robotics Access Corp.

I agree with you completely -- sort of. Only problem is there are
thought to be some 3,000 dial access providers. Many of them barely
know what a TCP SYN is, let alone why they need to block ones with
random source addresses and how. Unless of course you are
volunteering to explain it and help them. Thanks in advance. :-)

Curtis


Curtis, this is a great point. USR and other NAS vendors are actually in a
great position to do exactly this, by changing their boxes to block random
addresses *by default* on dial-up ports. This is of course exactly the
point Vadim and others keep making, and of course as they point out there
ought to be a knob to disable it if desired.

Insofar as guys who "barely know what a TCP SYN is" are unlikely to twist
the knobs, defaulting filtering to "block spoofed addresses" seems like the
best and maybe only way to get them to do it.

How about it, USR et al.?

--John

What you propose is a Good Thing (tm), but I don't think it's sufficient.
It still doesn't protect the 'net from antisocial behavior perpetrated by
someone who has penetrated a system with dedicated access to the 'net. It
seems like it would still be necessary for anyone selling dedicated access
to install Good Neighbor (tm) anti-spoofing filters on their inbound
interfaces (which probably requires MIPS that the routers in the field
don't have).

Regards,

Joel
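To make the policy John and Joel are describing concrete, here is an added illustration in Python; it is not code from this thread and not any vendor's NAS configuration. It models an access router whose customer-facing ports each carry a list of assigned prefixes, forwards a packet only when its source address lies inside the prefixes assigned to the port it arrived on, has the anti-spoofing check switched on by default with a per-port knob to disable it, and keeps a count of drops per port so an operator can see which ports are sourcing spoofed traffic. The port names (async1, serial0, serial1), the prefixes, and the packet records are constructed sample data; real boxes express the same rule in their own ACL syntax.

```python
"""Model of per-port ingress (anti-spoofing) filtering on an access router.

Added example for this thread; not the project's or any vendor's code.
Port names, prefixes and packet records below are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple


@dataclass
class AccessInterface:
    """One customer-facing port of the access router (constructed sample)."""
    name: str
    assigned: List[str]        # prefixes legitimately sourced behind this port
    antispoof: bool = True     # the per-port knob: filtering is ON by default


class IngressFilter:
    """Drop packets whose source address is not assigned to the ingress port."""

    def __init__(self, interfaces: List[AccessInterface]) -> None:
        self.ports = {i.name: i for i in interfaces}
        self.nets = {i.name: [ip_network(p) for p in i.assigned] for i in interfaces}
        self.dropped: List[Tuple[str, str]] = []   # (port, source) kept for review

    def permit(self, port: str, src: str) -> bool:
        """Return True if a packet from `src` arriving on `port` may be forwarded."""
        iface = self.ports[port]
        if not iface.antispoof:          # knob turned off: forward unconditionally
            return True
        addr = ip_address(src)
        if any(addr in net for net in self.nets[port]):
            return True
        self.dropped.append((port, src))  # spoofed source: record and drop
        return False

    def drops_per_port(self) -> Dict[str, int]:
        """Count drops by ingress port, the figure an operator would watch."""
        counts: Dict[str, int] = {}
        for port, _src in self.dropped:
            counts[port] = counts.get(port, 0) + 1
        return counts


# Constructed sample: one dial-up port (a single /32 for the PPP peer), one
# dedicated customer on a /24, and one port whose operator turned the knob off.
SAMPLE_PORTS = [
    AccessInterface("async1", ["192.0.2.5/32"]),
    AccessInterface("serial0", ["198.51.100.0/24"]),
    AccessInterface("serial1", ["203.0.113.0/24"], antispoof=False),
]

# Constructed packet records in the form "port src dst proto flags".
SAMPLE_PACKETS = """\
async1 192.0.2.5 192.0.2.200 tcp SYN
async1 10.9.8.7 192.0.2.200 tcp SYN
serial0 198.51.100.77 192.0.2.200 tcp SYN
serial0 100.64.1.1 192.0.2.200 tcp SYN
serial1 100.64.1.1 192.0.2.200 tcp SYN
"""


def parse_packet(line: str) -> Tuple[str, str]:
    """Extract (ingress port, source address) from one sample record."""
    port, src, _dst, _proto, _flags = line.split()
    return port, src


def filter_packets(records: str, ports: List[AccessInterface]) -> Tuple[int, int, Dict[str, int]]:
    """Run every record through the filter; return (forwarded, dropped, drops per port)."""
    flt = IngressFilter(ports)
    forwarded = dropped = 0
    for line in records.splitlines():
        if not line.strip():
            continue
        port, src = parse_packet(line)
        if flt.permit(port, src):
            forwarded += 1
        else:
            dropped += 1
    return forwarded, dropped, flt.drops_per_port()


if __name__ == "__main__":
    fwd, drp, per_port = filter_packets(SAMPLE_PACKETS, SAMPLE_PORTS)
    print(f"forwarded={fwd} dropped={drp} per_port={per_port}")
```

With the sample data, the two packets whose source does not belong to the port they came in on (one on the dial port, one on the dedicated /24) are dropped, while the identical off-prefix packet on serial1 passes because that port's knob is off; this is the case Joel raises, where protection depends on every access provider leaving the default in place.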

If we can get config instructions for all the popular NAS boxes like
Ascend, Livingston, USR etc. posted to a web page somewhere then we can get
the word out to a lot of ISPs via the 7 or 8 ISP mailing lists,
Boardwatch magazine and USENET. But for the benefit of those marginally
clueful people out there we need to have some fairly explicit
instructions.

I know ra.net has an ISP section on their WWW server and it wouldn't hurt
to point more ISPs at www.ra.net anyway.

Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com