On the back of other 'security' posts....

Daniel Senie dts at senie.com
Tue Sep 2 01:03:24 UTC 2003


At 02:58 PM 9/1/2003, Terry Baranski wrote:

> > the rest of the paper is also germane to this thread.  just
> > fya, we keep rehashing the UNimportant part of this argument,
> > and never progressing. (from this, i deduce that we must be humans.)
>
>Ok, so we seem to have a general agreement that anti-spoof & BGP prefix
>filtering on all standard customer edge links is a worthwhile practice.
>Now what?  Is there any hope of this ever happening on a very large
>scale without somehow being mandated? (Not that it necessarily should be
>mandated.)  How much success have Barry Green and co. had?

Perhaps mandating will be required, since it seems clear the marketplace 
doesn't seem to emphasize the integrity of the addressing architecture of 
the Internet. To be sure, some folks are willing to do the right thing, but 
many don't.

>   Is there
>something the rest of us could be doing?

Like, perhaps, writing RFPs for aggregation switches and other edge gear 
requiring wire speed BGP and source address checking filters? If it's 
important, and vendors are told they have to do it or not get sales, the 
technology will be developed. Would it help everyone decide if DHS issued 
an edict? I've been expecting lawsuits to be the driving factor, but 
perhaps it'll be the government instead.




More information about the NANOG mailing list