BCP38 dismissal

Jo Rhett jrhett at netconsonance.com
Thu Sep 11 07:47:05 UTC 2008


On Sep 7, 2008, at 12:18 AM, Randy Bush wrote:
> normally i would have just hit delete.  but your ad hominem attack on
> the messenger need a response.
>
> the reality of life is that he is correct in that "attack traffic  
> comes
> from legitimate IP sources anyway."
>
> therefore, your first duty should be to keep your hosts from joining  
> the
> massive army of botnets.


Having no hosts, I can't do much about that other than use various  
good best practices (including BCP38), run ids units looking for  
compromised hosts, and respond quickly to each abuse report if my IDS  
doesn't observe it first.

Given that I know of no provider larger than us using BCP38 on every  
port, and no other provider larger than us that responds to every  
abuse report, it would appear that we are top of the class in that  
aspect.

Therefore, when someone says "I don't need to do BCP38" because BCP38  
doesn't cause problems for them, I consider them a jerk.  And yeah, I  
feel pretty confident looking down my nose at someone like that.

-- 
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source  
and other randomness






More information about the NANOG mailing list