Why won't providers source-filter attacks? Simple.
Jimmy Hess
mysidia at gmail.com
Wed Feb 5 07:12:40 UTC 2014
On Tue, Feb 4, 2014 at 10:01 PM, <Valdis.Kletnieks at vt.edu> wrote:
> On Wed, 05 Feb 2014 12:18:54 +1100, Mark Andrews said:
> > Now if we could get equipement vendors to stop shipping models
> > without the necessary support it would help but that also may require
> > government intervention.
>
A good start would be to get BCP38 revised to router the Host
requirements RFCs, to indicate that ingress filtering should be
considered mandatory on site-facing interfaces.
If the standards documents still just call it a best practice.... what
hope is there of having governments require it of the service providers
that their networks are connected to, anyways?
>
> Time to name-and-shame. It's 2014. Who's still shipping gear that
> can't manage eyeball-facing BCP38?
>
--
-JH
More information about the NANOG
mailing list