nanog mailing list archives
Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]
From: Octavio Alvarez <alvarezp () alvarezp ods org>
Date: Tue, 04 Feb 2014 16:48:30 -0800
On 04/02/14 16:31, Livingood, Jason wrote:
Can somebody explain to me why those who run eyeball networks are able to block outbound packets when the customer hasn't paid their bill, but can't seem to block packets that shouldn't be coming from that cablemodem?i suspect the non-payment case is solved at a layer below threeIn a DOCSIS network the source address verification (as Tony said) is typically done on the CMTS IIRC. Turning a customer off for non-payment is done in an accounts management / billing system. While I am sure continuing to agree with each other that spoofing is bad, we lack actionable data. ;-) As I said in another thread, I think someone / some group needs to invest to collect actual data and share the results openly. So any volunteers out there? I¹m sure there are lots of ways to underwrite independent research on the subject (contact me off-list).
Maybe I'm oversimplifying things but I'm really curious to know why can't the nearest-to-end-user ACL-enabled router simply have an ACL to only allows packets from end-users that has a valid source-address from the network segment they provide service to.
What I'm failing to understand, and again, please excuse me if I'm oversimplifying, is what data do you need from researchers, specifically. What specific actionable data would be helpful? Why does the lack of the data prevent you from applying an ACL.
Current thread:
- Re: Why won't providers source-filter attacks? Simple., (continued)
- Re: Why won't providers source-filter attacks? Simple. Leo Bicknell (Feb 06)
- POLL: BCP38 Name And Shame Jay Ashworth (Feb 05)
- Message not available
- Re: Why won't providers source-filter attacks? Simple. Mark Andrews (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Randy Bush (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Livingood, Jason (Feb 07)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Jay Ashworth (Feb 04)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] goemon (Feb 04)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Tony Tauber (Feb 04)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Randy Bush (Feb 04)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Livingood, Jason (Feb 04)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Octavio Alvarez (Feb 04)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Livingood, Jason (Feb 04)
- RE: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Frank Bulk (Feb 04)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Livingood, Jason (Feb 05)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Christopher Morrow (Feb 05)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Robert Drake (Feb 06)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Jay Ashworth (Feb 05)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] joel jaeggli (Feb 05)
- BCP38 is hard; let's go shopping! Jay Ashworth (Feb 05)
- Re: BCP38 is hard; let's go shopping! joel jaeggli (Feb 05)
- Re: BCP38 is hard; let's go shopping! Christopher Morrow (Feb 05)