[geeks] Fwd: [Incident 020324-000029] unroutable traffic being passed to my nameserver
Dave McGuire
mcguire at neurotica.com
Fri Mar 29 17:46:28 CST 2002
I'd say this is a steaming crock of shit. They *should* be filtering
RFC1918 addresses anyway...on modern (and even not-so-modern) router
hardware the performance impact is negligible. If they're running any
filtering on those routers at all (which you can bet they are) adding
a few more filter rules isn't that big a deal...even for core routers
moving a metric buttload of traffic.
Sounds to me like they just don't want to be bothered, or their
routers are already overloaded and they don't want to spend the bucks
to upgrade them.
I don't know what your network looks like...Is it practical for you to
filter them on your end?
-Dave
On March 29, alex j avriette wrote:
> What's the truth in this, NOC-geeks?
>
> alex
>
> Begin forwarded message:
>
> > From: abuse at speakeasy.net
> > Date: Fri Mar 29, 2002 03:28:34 PM US/Eastern
> > To: avriettea at speakeasy.net
> > Subject: [Incident 020324-000029] unroutable traffic being passed to my
> > nameserver
> >
> >
> > We are writing to inform you that we have just updated your Customer
> > Support inquiry.
> >
> > Please DO NOT reply to this email, as will not be able to respond to it
> > or provide additional support.
> >
> > To ensure that you receive a higher level of service, we kindly request
> > that you make further updates to or close your support request in
> > MySpeakeasy (http://www.speakeasy.net/myspeak). Select Customer
> > Support from the navigation menu and go to the My Info tab to view.
> >
> > For your convenience, we have included a summary of the inquiry details
> > below.
> >
> > Thanks!
> >
> > The Speakeasy Crew
> >
> >
> > Subject
> > ---------------------------------------------------------------
> > unroutable traffic being passed to my nameserver
> >
> > Suggested Answer
> > ---------------------------------------------------------------
> > At 03/29/2002 12:21 PM we wrote -
> >
> > Greetings,
> > I've spoken with our network engineers, and apparantly implementing
> > this would generate far too much load on our routers; same goes for our
> > upstream provider, Internap. It's definaly something we'd like to do,
> > but just isn't feasable with our current setup.
> >
> > Question
> > ---------------------------------------------------------------
> > I have gotten, since march 23 at 5:15 pm (which is to say 17 hours ago),
> > 2410 unroutable packets (from 172.24.224.87 and 172.25.224.89). I've
> > asked in the past, and I'm asking again now since I seem to be getting
> > even more. Could you please filter traffic from private networks? There
> > is no reason to route it, as replies are impossible, and the traffic is
> > always private -- or malicious.
> >
> > It is specified in RFC 1918, which is available here:
> >
> > http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1918.html
> >
> > A simple capture of the traffic from the two hosts mentioned above is
> > available here:
> >
> > http://envy.posixnap.net/~alex/logs_for_abuse.txt
> >
> > I have been subject to two attacks in the last month or so, both of
> > which involved Mb/s traffic from unroutable hosts. This traffic was
> > either spoofed or erroneous, but it would save you and me both bandwidth
> > and headaches if this traffic could just be dropped at your routers.
> >
> > Thanks for your time, and a reply would be appreciated.
> >
> > -alex
> >
> --
> alex j avriette, perl hacker
> avriettea at speakeasy.net
> http://envy.posixnap.net/
> >
> >
> >
> >
> > Question Reference #020324-000029
> > ---------------------------------------------------------------
> > Product: Tech Support
> > Sub-Product: Security and Abuse
> > Contact: avriettea at speakeasy.net
> > Date Created: 03/24/2002 07:45 AM
> > Last Updated: 03/29/2002 12:28 PM
> > Elapsed Time: 0 Minutes
> > Status: Closed
> > OS:
> >
> >
> >
> >
> >
> > Thanks,
> >
> > Henry Hurley
> > Speakeasy Network Abuse
> _______________________________________________
> GEEKS: http://www.sunhelp.org/mailman/listinfo/geeks
>
--
Dave McGuire "...it's leaving me this unpleasant,
St. Petersburg, FL damp feeling on my shorts..." -Sridhar
More information about the geeks
mailing list