nanog mailing list archives

Re: Why won't providers source-filter attacks? Simple.


From: Leo Bicknell <bicknell () ufp org>
Date: Thu, 6 Feb 2014 14:54:25 -0600


On Feb 5, 2014, at 2:46 AM, Saku Ytti <saku () ytti fi> wrote:

> If we keep thinking of this problem as a last-mile port problem, it won't be
> solved in the next 20 years. Because a lot of those ports really can't do RPF
> and even if they can do it, they are on autopilot and the next change is a
> market-forced fork-lift change. The company may not even employ technical
> personnel, only buy consulting when making changes.

It can be solved, but not by NANOG.

Imagine if CableLabs required all DOCSIS-compliant cable modems to default
to doing source address verification in the next version of DOCSIS?  It would
(eventually) get rolled out, and it would solve the problem.  Even if it doesn't
default to on, requiring the hardware to be capable would be a nice step.

The consumer last mile is actually simpler in that there are a few organizations
who "control" the standards.  Efforts need to focus on getting the BCP38 stuff
into those standards, ideally as mandatory defaults.

-- 
       Leo Bicknell - bicknell () ufp org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/




