From: Chris Woodfield (no email)
Date: Mon Aug 05 2002 - 14:30:12 EDT
I'll clarify this...I already noted that antispoof filtering is an exception,
and I'll agree that RPF fits loosely under the antispoofing definition as well,
albiet in the other direction.
On Sun, Aug 04, 2002 at 11:19:35PM -0400, Chris Woodfield wrote:
> IMO, Commercial ISPs should never filter customer packets unless
> specifically requested to do so by the customer, or in response to a
> security/abuse incident.
> Consumer ISPs are much more likely to have clauses in the AUPs that are
> enforced premptively via packet filtering - antispoof filters (honestly,
> antispoof filtering is, IMHO, the one expection to my "commercial ISPs
> should not filter" rule), port blocks to prevent customers running
> servers, outbound SMTP blocks to off-provider systems to stop direct-to-MX
> spamming, ICMP rate limiting, et al. All of which are fine by me as long
> as they clearly assert their right to do so in their AUP - that is, as
> long as there's a comparable provider I can use instead.
> On Sun, Aug 04, 2002 at 02:37:12PM +0000, wrote:
> > > Good day,
> > >
> > > What NSPs do filter packets, and can really deal with DoS and DDoS attacks?
> > >
> > > -Abdullah Bin Hamad A.K.A Arabian
> > The shorter shorter list would be the NSPs that do NOT filter
> > packets. I can't think of an NSP that does not filter.
> > --bill