SYN Flooding [info] (fwd)

While I agree with the goal here, I've been a bit disturbed by the
undercurrent of antipathy toward 'clueless small ISPs'. I'm as small
as ISPs come, and I've been outbound filtering against source
addresses not in my address space at least since last April. How many
of the clueful here can say that? Not many, I'll venture. For that
matter, when did Alexis begin filtering outbound?

Cluelessness has very little to do with the size of the ISP, as anyone
who has had to call the customer service line of any large or small
ISP can attest.

I've been filtering inbound and outbound since before most of the
"major" ISPs got in the Internet business. But I'm not smart enough
to have thought up the idea on my own. I read someone else's paper
and followed their suggestions. Of course, there were a lot fewer
papers and books about TCP/IP back then, so it was easier to read
them all.

I'd like the concept changed from 'forcing' to 'educating' and to have
it done without disparagement for not already knowing.

Once again it does bring up the importance of inter-provider cooperation.

It doesn't really matter if you a a huge ISP or a little ISP, your actions
have network-wide effects. Any provider who ignores a problem report from
any source puts not only their own network at risk, but everyone elses
as well. The problem won't go away just because you hang up the phone
or ignore the e-mail message. Putting your head in the sand, or saying
you will only accept problem referrals from arbitrarily defined "peer"
providers just means you won't learn about the problem in a timely fashion.

We've tried the one golden rule, the one with the gold makes the rules.
Maybe its time to try the other golden rule, treat other providers as
you would have them treat you.