![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
Re: Why won't providers source-filter attacks? Simple.
From: Leo Bicknell <bicknell () ufp org>
Date: Thu, 6 Feb 2014 14:54:25 -0600
On Feb 5, 2014, at 2:46 AM, Saku Ytti <saku () ytti fi> wrote:
If we keep thinking this problem as last-mile port problem, it won't be solved in next 20 years. Because lot of those ports really can't do RPF and even if they can do it, they are on autopilot and next change is market forced fork-lift change. Company may not even employ technical personnel, only buy consulting when making changes.
It can be solved, but not by NANOG. Imagine if Cable labs required all DOCSIS compliant cable modems to default to doing source address verification in the next version of DOCSIS? It would (eventually) get rolled out, and it would solve the problem. Even if it doesn't default to on, requiring the hardware to be capable would be a nice step. The consumer last mile is actually simpler in that there are a few organizations who "control" the standards. Efforts need to focus on getting the BCP38 stuff into those standards, ideally as mandatory defaults. -- Leo Bicknell - bicknell () ufp org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Re: BCP38 (was: Re: Why won't providers source-filter attacks? Simple.), (continued)
- Re: BCP38 (was: Re: Why won't providers source-filter attacks? Simple.) Dobbins, Roland (Feb 07)
- Re: BCP38 (was: Re: Why won't providers source-filter attacks? Simple.) Jay Ashworth (Feb 08)
- Re: Why won't providers source-filter attacks? Simple. Saku Ytti (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Jimmy Hess (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Paul Ferguson (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Mark Andrews (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Paul Ferguson (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Randy Bush (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Paul Ferguson (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Randy Bush (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Leo Bicknell (Feb 06)
- POLL: BCP38 Name And Shame Jay Ashworth (Feb 05)
- Message not available
- Re: Why won't providers source-filter attacks? Simple. Mark Andrews (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Randy Bush (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Livingood, Jason (Feb 07)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Jay Ashworth (Feb 04)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] goemon (Feb 04)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Tony Tauber (Feb 04)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Randy Bush (Feb 04)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Livingood, Jason (Feb 04)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Octavio Alvarez (Feb 04)