nanog mailing list archives
Re: BCP38 adoption "incentives"?
From: Mark Andrews <marka () isc org>
Date: Fri, 30 Sep 2016 06:57:52 +1000
Even if the customers are unaware of the spoofed traffic, ISPs should be aware which leaves them open for "aiding and abetting". This doesn't require inspecting the payload of the packets. This is the IP header which they are expected to examine and for which there is a BCP saying to drop spoofed packets. Sources are used for policy routing so the source field is expected to be processed. I would expect a Judge to take into consideration the BCP in deciding whether a ISP should be aware of the issue when deciding if a ISP is aiding and abetting by allowing spoofed packets to enter their network. Mark In message <b01d17bf-c4fe-4a60-0f1e-f7c2e61c5650 () pubnix net>, Alain Hebert writes:
Well there is money to be made in DDoS protection... See our "friends" still hosting "those" pay sites. Do not expect the vendors to cut themself of that market. ----- Alain Hebert ahebert () pubnix net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443 On 09/29/16 11:31, Leo Bicknell wrote:In a message written on Tue, Sep 27, 2016 at 08:44:35PM +0000, White, Andrew wrote:This assumes the ISP manages the customer's CPE or home router, which is often not the case. Adding such ACLsto the upstream device, operated by the ISP, is not always easy or feasible.Unicast RFP should be a feature every ISP requires of all edge devices for at least 15 years now. It should be on by default for virtually all connections, and disabled only by request or when there are circumstances to suggest it would break things (e.g. a request for BGP with full tables over the link). At this point there's no excuse, anyone who has gear who can't do that has been asleep at the switch. It's been a standard feature in too much gear for too long.
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- Re: BCP38 adoption "incentives"?, (continued)
- Re: BCP38 adoption "incentives"? Mike Hammett (Sep 27)
- RE: BCP38 adoption "incentives"? White, Andrew (Sep 27)
- Re: BCP38 adoption "incentives"? Mike Hammett (Sep 27)
- Re: BCP38 adoption "incentives"? Wesley George (Sep 28)
- Re: BCP38 adoption "incentives"? Mike Hammett (Sep 28)
- Re: BCP38 adoption "incentives"? Nick Hilliard (Sep 28)
- RE: BCP38 adoption "incentives"? White, Andrew (Sep 27)
- Re: BCP38 adoption "incentives"? Mike Hammett (Sep 27)
- RE: BCP38 adoption "incentives"? Peter Beckman (Sep 27)
- Re: BCP38 adoption "incentives"? Valdis . Kletnieks (Sep 28)
- Re: BCP38 adoption "incentives"? Leo Bicknell (Sep 29)
- Re: BCP38 adoption "incentives"? Alain Hebert (Sep 29)
- Re: BCP38 adoption "incentives"? Mark Andrews (Sep 29)