nanog mailing list archives

Re: Why won't providers source-filter attacks? Simple.

From: Jimmy Hess <mysidia () gmail com>
Date: Wed, 5 Feb 2014 01:12:40 -0600

On Tue, Feb 4, 2014 at 10:01 PM, <Valdis.Kletnieks () vt edu> wrote:

On Wed, 05 Feb 2014 12:18:54 +1100, Mark Andrews said:

Now if we could get equipement vendors to stop shipping models
without the necessary support it would help but that also may require
government intervention.


A good start would be to get  BCP38  revised to  router  the Host
requirements RFCs,  to indicate  that  ingress filtering should be
considered mandatory  on  site-facing interfaces.

If the standards documents still just call it a best practice....  what
hope is there of  having governments  require it of the service providers
 that their networks are connected to, anyways?


Time to name-and-shame.  It's 2014.  Who's still shipping gear that
can't manage eyeball-facing BCP38?


-- 
-JH

Current thread:

Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?], (continued)
- - - Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Valdis . Kletnieks (Feb 04)
    - Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Paul Ferguson (Feb 04)
    - Why won't providers source-filter attacks? Simple. Jay Ashworth (Feb 04)
    - Re: Why won't providers source-filter attacks? Simple. Octavio Alvarez (Feb 04)
    - Re: Why won't providers source-filter attacks? Simple. Mark Andrews (Feb 04)
    - Re: Why won't providers source-filter attacks? Simple. Randy Bush (Feb 04)
    - Re: Why won't providers source-filter attacks? Simple. Peter Kristolaitis (Feb 04)
    - Re: Why won't providers source-filter attacks? Simple. Mark Andrews (Feb 04)
    - Re: Why won't providers source-filter attacks? Simple. Randy Bush (Feb 04)
    - Re: Why won't providers source-filter attacks? Simple. Valdis . Kletnieks (Feb 04)
    - Re: Why won't providers source-filter attacks? Simple. Jimmy Hess (Feb 04)
    - BCP38 (was: Re: Why won't providers source-filter attacks? Simple.) John Curran (Feb 07)
    - Re: BCP38 (was: Re: Why won't providers source-filter attacks? Simple.) Dobbins, Roland (Feb 07)
    - Re: BCP38 (was: Re: Why won't providers source-filter attacks? Simple.) Chris Grundemann (Feb 07)
    - Re: BCP38 (was: Re: Why won't providers source-filter attacks? Simple.) Dobbins, Roland (Feb 07)
    - Re: BCP38 (was: Re: Why won't providers source-filter attacks? Simple.) Jay Ashworth (Feb 08)
    - Re: Why won't providers source-filter attacks? Simple. Saku Ytti (Feb 05)
    - Re: Why won't providers source-filter attacks? Simple. Jimmy Hess (Feb 05)
    - Re: Why won't providers source-filter attacks? Simple. Paul Ferguson (Feb 05)
    - Re: Why won't providers source-filter attacks? Simple. Mark Andrews (Feb 05)
    - Re: Why won't providers source-filter attacks? Simple. Paul Ferguson (Feb 05)

(Thread continues...)