[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BCP38 dismissal

Subject: BCP38 dismissal
From: patrick at ianai.net (Patrick W. Gilmore)
Date: Thu, 4 Sep 2008 13:21:32 -0400
In-reply-to: <[email protected]>
References: <[email protected]>

On Sep 4, 2008, at 1:14 PM, james wrote:
>> On Sep 4, 2008, at 7:24 AM, James Jun wrote:
>>> Indeed... In today's internet, protecting your own box
>>> (cp-policer/  control
>>> plane filtering) is far more important IMO than
>>> implementing BCP38   when much
>>> of attack traffic comes from legitimate IP sources
>>> anyway (see   botnets).
>>
>>
>> I'm sorry, but nonsense statements such as these burn the
>> blood.    Sure, yes, protecting yourself is so much more
>> important than   protecting anyone else.
>>
>> Anyone else want to stand up and join the "I am an
>> asshole" club?
>
>
> OK, I'm an asshole.
> I'm sure BCP38 can prove to be useful, but I'll never drop
> my shields.

I am pretty certain James was not suggesting you "drop your shields".   
My understanding is he thinks anyone who -only- protects their own  
router CPUs, but lets random packets leave their network with fake  
source addresses for other networks is an ass hole (shields up or not).

Assuming that is what he meant, I agree with him.

Now, would you care to reiterate your ass-hole-ness and admit to 10s  
of 1000s of your closest friends that you let your users attack them  
(and me!) in undetectable ways, make things like the Kaminsky DNS  
vulnerability possible, etc.?

-- 
TTFN,
patrick

References:
- BCP38 dismissal
  - From: james at jdfogg.com (james)

Prev by Date: BCP38 dismissal
Next by Date: Force10 Gear - Opinions
Previous by thread: BCP38 dismissal
Next by thread: BCP38 dismissal
Index(es):
- Date
- Thread