Are we really this helpless? (Re: isprime DOS in progress)

Paul Ferguson fergdawgster at gmail.com
Sat Jan 24 20:13:14 CST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Jan 24, 2009 at 6:05 PM, Mark Andrews <Mark_Andrews at isc.org> wrote:

>> BCP 38 isn't a license, it's a technique.
>
>        There are plenty of cases in common law where as a owner
>        of something and you havn't taken reasonable steps to protect
>        or prevent injury that, were well known, you will be proved
>        to be negligent.
>
>        BCP 38 is falling into that sort of category.
>
>        Every operator here should be worried about what will happen
>        when someone decides to sue them to recover damaged caused
>        by spoofed traffic.  It's just a matter of time before this
>        happens.  Remember every router inspects packets to the
>        level required to implement BCP 38.  This is not deep packet
>        inspection.  This is address inspection which every router
>        performs.
>
>                Did you know about "BCP 38"?
>                What steps did you take to implement "BCP 38"?
>
>        I suspect that a lawyer will be able to demonstrate to a
>        judge that even as a common carrier that a operator should
>        have been deploying BCP 38.
>

I think each point above is true -- BCP38 is indeed a technique, but
failure to universally implement it defaults to (almost) a tragedy of the
commons.

After ~10 years, it is surreal to me that we, as a community, are still
grappling with issues where it could be beneficial for the Internet
community at-large. I mean, it _is_ a BCP.

- - ferg

p.s. Even when Dan Senie and I drafted RFC2827/BCP38, we were doing nothing
more than documenting what everyone (well, maybe not everyone) already knew
anyway -- that we all need to bite the bullet and just do it.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFJe8qeq1pz9mNUZTMRAmXvAJ4h2V/p6Ak+woMbT9BTCOYrEKMlXACdFaFe
icfmMA4432St/zl5j3yfQiA=
=iWAr
-----END PGP SIGNATURE-----



-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/




More information about the NANOG mailing list