Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!ames!ucbcad!ucbvax!H.CS.CMU.EDU!Rudy.Nedved
From: Rudy.Nedved@H.CS.CMU.EDU.UUCP
Newsgroups: mod.protocols.tcp-ip
Subject: Re: network horror stories
Message-ID: <1987.3.26.16.1.37.Rudy.Nedved@h.cs.cmu.edu>
Date: Thu, 26-Mar-87 11:39:17 EST
Article-I.D.: h.1987.3.26.16.1.37.Rudy.Nedved
Posted: Thu Mar 26 11:39:17 1987
Date-Received: Sat, 28-Mar-87 05:01:14 EST
References: <8703241852.AA20403@flash.bellcore.com>
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: The ARPA Internet
Lines: 40
Approved: tcp-ip@sri-nic.arpa

Phil,

I agree with your points; alas, certification seems to be something like program verification, it only works on small test cases.

With comments from things like Jan 1987 ACM SIGOPS section on MIT Project Athena, "Firewalls in gateways are necessary" and my own experiences, I believe it is up to the routers, bridges and gateways to control congestion and ignore brain damaged hosts.

I would suggest that an implementation be beat on for some type of certification before being released but experience has shown that the imagination of the attackers/testers is more conservative than the ever changing network environment....something always shows up later. Therefore, the two prong approach of doing constructive/definitive tests and putting firewalls into gateways is the way to go.

For firewalls, adding hysteresis to gateways, bridges and routers tied in with the volume of datagrams from a host or network should help even though it would penalize highly used paths...these paths are having severe problems as it is...this will encourage more efficient use of those paths....especially if every relaying agent does it. For relay agents on "dedicated" networks the hysteresis would be very heavy for datagrams not to or from dedicated network clients.

When congestion occurs, the clients that want to send the once in a while important message would succeed but the clients that generally send lots of communication in an inefficient manner would be penalized....this is a more desirable behaviour than everyone who tries gets penalized.

Lastly, communicating back to entry gateways that some client is being nasty and should be ignored would reduce gateway to gateway congestion just like most of the telephone companies have the prefix for remote areas stored locally to reduce trunk line usage from wrong numbers...if you dial 412 333 XXXX in 201 area then 201 area will not even try the connection, it will indicate that number is incorrect and a telephone book should be consulted. Alas, propagation of this information has the same problems as propagating routing information....sigh.

Cheers,
-Rudy
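
An added illustration, not part of the original post: one way the per-source hysteresis described above could behave in a relay, assuming a smoothed datagram count per host with a high mark to start penalizing and a lower mark to stop. The class name, thresholds, smoothing factor and traffic pattern are all constructed for this example.

```python
from collections import defaultdict

class HysteresisGate:
    """Relay-side throttle keyed on per-source datagram volume (illustrative)."""

    def __init__(self, high=50.0, low=10.0, alpha=0.5):
        self.high, self.low, self.alpha = high, low, alpha
        self.volume = defaultdict(float)  # smoothed datagrams per tick, by source
        self.seen = defaultdict(int)      # datagrams counted in the current tick
        self.penalized = set()

    def offer(self, src, congested):
        """Count one datagram from src; return True to forward, False to drop."""
        self.seen[src] += 1
        return not (congested and src in self.penalized)

    def tick(self):
        """Close the interval and update each source's state."""
        for src in set(self.volume) | set(self.seen):
            v = (1 - self.alpha) * self.volume[src] + self.alpha * self.seen[src]
            self.volume[src] = v
            if v > self.high:
                self.penalized.add(src)       # enter above the HIGH mark
            elif v < self.low:
                self.penalized.discard(src)   # leave only below the LOW mark
        self.seen.clear()

def simulate():
    """Constructed traffic: 'chatty' floods, then backs off; 'quiet' sends rarely."""
    gate, log = HysteresisGate(), []
    for t in range(20):
        chatty = 200 if t < 10 else 30 if t < 15 else 2
        sent = {"chatty": chatty, "quiet": 1 if t % 5 == 0 else 0}
        fwd = {s: sum(gate.offer(s, congested=True) for _ in range(n))
               for s, n in sent.items()}
        log.append(fwd)
        gate.tick()
    return log

if __name__ == "__main__":
    for t, fwd in enumerate(simulate()):
        print(t, fwd)
```

In this run the chatty host stays penalized while sending 30 datagrams per tick, a rate already under the high mark, and is released only after its smoothed volume drops below the low mark; the quiet host is never dropped.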