[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fun with routes



aCaB wrote:

First off, ISP-B should be dropping your spoofed packets on the floor once they hit their network.

I'm a strange guy, I know, but I totally disagree. IMHO An ISP should
provide a customer with the internet. That's it.

Right, "that's it". The ISP should provide the Internet with the customer, not someone else's customer.

An ISP should not (unless asked to) mangle/NAT packets, stop pings,
block backdoor scans, scan mails for viruses or do any activity limiting
somehow their users freedom over the net. They can and should of
cause identify and fight troublemakers through the customers.

By blocking spoofed packets, they are identifying and fighting troublemakers. Spoofed packets could be a denial of service attack, an intrusion in progress, or a long list of other nasty things.

We could discuss a lot about what an ISP should and should not, but I
don't feel this is the proper time for such a discussion.

Except that your proposed solution won't work if outbound spoofing is prohibited.

Now, the best thing to do would be to approach both ISPs and ask if they'll allow your wish (and their upstreams will permit it). You do risk having some destinations be unreachable if you send packets through the "wrong" pipe.

pt



Reply to: