On the back of other 'security' posts....

Paul Vixie vixie at vix.com
Tue Sep 2 01:45:41 UTC 2003


> Ok, so we seem to have a general agreement that anti-spoof & BGP prefix
> filtering on all standard customer edge links is a worthwhile practice.

actually, we don't.  what we've achieved is that gray area / middle ground
where the people who don't think it's important are mostly afraid to speak
out against it.  while this is an important milestone, it's not nearly the
same as general agreement.

> Now what?  Is there any hope of this ever happening on a very large
> scale without somehow being mandated? (Not that it necessarily should be
> mandated.)

there is no way to mandate it.  even if it were somehow a full standard in
the ietf, network owners who didn't want to do it wouldn't have to do it.

> How much success have Barry Green and co. had?  Is there something the
> rest of us could be doing?

i'm thinking we may need some kind of branding campaign, so that rfp authors
can refer to a set of "good practices" like terminating spammers, not writing
"pink contracts", not hosting spamvertised web sites, publishing in the radb,
filtering customer routes by rir, running full urpf on customer-facing links,
and so on down the line.  i'm not sure that we (isc) would be the best people
to run an isp branding/certification programme, so i'm hoping someone else
steps up, like maybe the rirs or isp/c or maps or whatever.  but once the
sales people inside isp's have to contend with this as a checklist item in
incoming rfp's, it'll see fast deployment even in bankrupt high-inertia
"backbone" networks like uunet.
-- 
Paul Vixie


