[EMAIL PROTECTED] wrote:
>
> On Fri, 11 Feb 2000 16:35:18 EST, Paul Ferguson said:
> > Do you think that if RFC2267 was advanced as a BCP that
> > it would carry more weight, and therefore more ISPs would
> > implement RFC2267-style filtering? Coupled with the latest
> > denial of service attacks?
>
> On the one hand, I think it would make a good candidate for BCP. It seems
> to be similar in tone with RFCs 2502 and 2644. I'd have to re-read it to
> see if it would need any textual changes, or if it's OK as it is.
>
> I was talking to a co-worker on this topic, and his exact quote was
> "We have our s--t more together than most sites, despite our best
> efforts". The problem is that he was right - our site may have clue,
> but there's a lot of uneducated sites out there.
>
> Does anybody have statistics on how effective RFC2350 (Expectations
> for Computer Security Incident Response) was? Or RFC2502 (Anti-Spam
> Recommendations for SMTP MTAs)? Or RFC2644 (Changing the Default for
> Directed Broadcasts in Routers)? It would seem reasonable that moving
> 2267 to BCP should have a similar effectiveness...

Ever since Paul and I wrote 2267, I've heard from ISPs and equipment
vendors, letting me know they'd implemented our recommendations. Lots of
folks are doing it because they understand they should do their part.

As for 2644, that one has only been out there a short time. It's not
clear how many people have noticed it yet. This document has two target
audiences, vendors and ISPs/users.

Some vendors made the change even before I wrote the document. Router
Requirements (1812) have mandated devices have an on/off switch for this
feature for a long time. I would hope that all manufacturers at least
provided the config option. I hope the vendors who haven't changed their
defaults will get to this soon.

Many clueful network operators also took the time to ensure their
networks were clean. The problem with directed broadcasts is that EVERY
routing device really has to be checked, since with CIDR you really
don't know what comprises a broadcast. Network operators, especially,
need to spend the time to check the configurations on their equipment.

Awareness of this issue needs to be raised. As with ingress filtering,
everyone needs to do their part. Unfortunately, it may be threats of
negligence lawsuits that ultimately motivate some to take heed.
--
-----------------------------------------------------------------
Daniel Senie [EMAIL PROTECTED]
Amaranth Networks Inc. http://www.amaranthnetworks.com
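
The message's point that with CIDR a broadcast address cannot be recognised by inspection, as an added example that is not part of the original message: a Python audit that reads interface stanzas and reports each subnet's directed-broadcast address and its configured state. The IOS-style syntax (`ip directed-broadcast` / `no ip directed-broadcast`), the sample config and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: IOS-style interface stanzas (assumed syntax, not from the post).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.0.2.1 255.255.255.128
 ip directed-broadcast
interface Ethernet1
 ip address 198.51.100.1 255.255.254.0
 no ip directed-broadcast
interface Serial0
 ip address 203.0.113.65 255.255.255.192
"""

def audit_directed_broadcast(config_text):
    """Return one finding per addressed interface: name, subnet, the subnet's
    directed-broadcast address, and the configured state."""
    findings, current = [], None
    for line in config_text.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            # "default" = no explicit line; behaviour then depends on the platform default.
            current = {"interface": m.group(1), "state": "default"}
            continue
        if current is None:
            continue
        stripped = line.strip()
        m = re.match(r"ip address (\S+) (\S+)$", stripped)
        if m:
            net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            current["network"] = net
            current["broadcast"] = net.broadcast_address
            findings.append(current)
        elif stripped == "ip directed-broadcast":
            current["state"] = "enabled"
        elif stripped == "no ip directed-broadcast":
            current["state"] = "disabled"
    return findings

def is_directed_broadcast(addr, findings):
    """True if addr is the broadcast address of any audited subnet."""
    return any(ipaddress.ip_address(addr) == f["broadcast"] for f in findings)

if __name__ == "__main__":
    for f in audit_directed_broadcast(SAMPLE_CONFIG):
        print(f["interface"], f["network"], f["broadcast"], f["state"])
```

In the sample, 192.0.2.127 is a broadcast address (/25) while 198.51.100.255 is an ordinary host address inside a /23, which is why every interface has to be checked against its own mask.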