Who does source address validation? (was Re: what's that smell?)

Tue Oct 8 20:23:42 UTC 2002

> > 2. Spoof filtering.
> > 3. Better tools to mitigate DOS/DDOS attacks.  The technology exists
> >    for say, cable providers to reduce port scans and DOS type attacks.
>
> I would happily kick anyone doing anything that is conclusively abusive
> off the net. But access providers aren't going to do this because it costs
> them money. Being a good netizen doesn't do them any good. I'm reminded of
> the two guys walking over the Serengeti, and they spot a lion. One guy
> bends down to tie his shoe laces, and the other says: what are you doing,
> you can't outrun a lion! The first guy says: I don't have to, as long as I
> can outrun you. People aren't in any hurry to protect the common good,
> they just want to keep one step ahead of those who get in trouble for not
> doing enough.

I guess you are describing the result of the bean counters' vision
of an Ideal World colliding with the engineer's concept of poor technical
practice.

I can't buy the above reasoning, though, for two reasons.

First, I just don't think there are bean counters clueful enough to
sit around calculating return-on-investment (or lack thereof) on source-
address filtering.  And insofar as that is true, it is a mighty good
thing, as it prolongs the time when engineering practice is still within
the purview of engineers.

Second, I think there are still enough people around who remember how
Agis was hounded out of business for being spam-friendly.  Nobody wants
the same thing to happen to them, and to avoid it, will avoid even the
perception of irresponsible operation.