Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]

[Octavio Alvarez <alvarezp () alvarezp ods org>]

On 04/02/14 16:31, Livingood, Jason wrote:
> > > Can somebody explain to me why those who run eyeball networks are able
> > > to block outbound packets when the customer hasn't paid their bill,
> > > but can't seem to block packets that shouldn't be coming from that
> > > cablemodem?
> >
> > i suspect the non-payment case is solved at a layer below three
>
> In a DOCSIS network the source address verification (as Tony said) is
> typically done on the CMTS IIRC. Turning a customer off for non-payment is
> done in an accounts management / billing system.
>
> While I am sure continuing to agree with each other that spoofing is bad,
> we lack actionable data. ;-) As I said in another thread, I think someone
> / some group needs to invest to collect actual data and share the results
> openly.
>
> So any volunteers out there? I¹m sure there are lots of ways to underwrite
> independent research on the subject (contact me off-list).

Maybe I'm oversimplifying things but I'm really curious to know why 
can't the nearest-to-end-user ACL-enabled router simply have an ACL to 
only allows packets from end-users that has a valid source-address from 
the network segment they provide service to.

What I'm failing to understand, and again, please excuse me if I'm 
oversimplifying, is what data do you need from researchers, 
specifically. What specific actionable data would be helpful? Why does 
the lack of the data prevent you from applying an ACL.