router worms and International Infrastructure

Pekka Savola pekkas at netcore.fi
Wed Sep 21 09:51:53 UTC 2005


On Tue, 20 Sep 2005 Valdis.Kletnieks at vt.edu wrote:
> On Tue, 20 Sep 2005 08:44:33 +0200, Gadi Evron said:
>
>> Whatever gets done and re-done is local, whether by ISP or country and
>> there is almost nothing getting done to treat this as a global, macro
>> problem, and actually put in measures to combat it.
>
> RFC2827 came out in May 2000.
>
> Based on its deployment history, where providers just have to act locally,
> I suspect that a requirement that providers act globally will result in either:

Well.. it could be worse, according to the results in
http://spoofer.csail.mit.edu/, at least by some metrics, about 2/3 or
3/4 of networks are unspoofable.  That's already a pretty good
improvement..

FWIW, here in Finland the regulatory body is mandating a certain amount
of spoofing prevention and other things.  Transit providers (to
whatever definition of 'transit') could maybe also be a bit more
strict on what they accept from downstream..

Btw. Juniper's Feasible Path uRPF (mentioned in RFC3704) is your 
friend, even on multihomed/asymmetric links.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
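
The difference between strict and Feasible Path uRPF on a multihomed, asymmetric link, as mentioned in the message above, shown as an added example that is not part of the original post and is not Juniper's implementation. The RIB, interface names and packets are constructed; the three modes follow the descriptions in RFC 3704.

```python
import ipaddress

# Constructed RIB of an edge router: prefix -> interfaces holding a route to it,
# best path first. Prefixes are documentation ranges; interface names are made up.
RIB = {
    "192.0.2.0/24": ["ge-0/0/1", "ge-0/0/2"],  # multihomed customer: best, alternate
    "198.51.100.0/24": ["ge-0/0/3"],           # single-homed customer
}

def routes_to(src):
    """Longest-prefix match on src; return the interfaces with a route, best first."""
    addr = ipaddress.ip_address(src)
    nets = [ipaddress.ip_network(p) for p in RIB]
    hits = [n for n in nets if addr in n]
    if not hits:
        return []
    return RIB[str(max(hits, key=lambda n: n.prefixlen))]

def urpf_accepts(src, in_if, mode):
    """Apply one RFC 3704 reverse-path check to a packet seen on in_if."""
    paths = routes_to(src)
    if mode == "strict":      # must arrive on the best path back to src
        return bool(paths) and paths[0] == in_if
    if mode == "feasible":    # any known route back to src via in_if will do
        return in_if in paths
    if mode == "loose":       # any route to src at all, interface ignored
        return bool(paths)
    raise ValueError(f"unknown mode: {mode}")

# Constructed packets: (description, source address, arrival interface)
PACKETS = [
    ("legit, customer sends via alternate link", "192.0.2.10", "ge-0/0/2"),
    ("spoofed customer source from other port", "192.0.2.10", "ge-0/0/3"),
    ("spoofed source with no route", "203.0.113.5", "ge-0/0/3"),
]

def compare():
    """Return {description: {mode: accepted}} for every packet and mode."""
    modes = ("strict", "feasible", "loose")
    return {d: {m: urpf_accepts(s, i, m) for m in modes} for d, s, i in PACKETS}

if __name__ == "__main__":
    for desc, verdicts in compare().items():
        print(f"{desc:42} {verdicts}")
```

Strict mode drops the legitimate packet that arrives on the alternate link, loose mode lets the spoofed customer source through, and the feasible-path check gets both right.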


