BCP38 Deployment

Bingyang LIU bjornliu at gmail.com
Wed Mar 28 17:05:03 UTC 2012


Yeah, "contractual closures" might be a way to force the providers to
deploy BCP38.

However, when the customers become the target of a spoofing attack,
the provider may not be able to protect its customers, because ingress
filtering (including uRPF) is inefficient when done near the
destination. In other words, an ISP can deploy BCP38 or whatever, but
still cannot well protect its customers from spoofing attacks from
other ASes.

On Wed, Mar 28, 2012 at 6:54 PM, Eric Brunner-Williams
<brunner at nic-naa.net> wrote:
> On 3/28/12 11:45 AM, David Conrad wrote:
>> Actually, given the uptick in spoofing-based DoS attacks, the ease in which such attacks can be generated, recent high profile targets of said attacks, and the full-on money pumping freakout about anything with "cyber-" tacked on the front, I suspect a likely outcome will be proposals for legislation forcing ISPs to do something like BCP38.
>
> in a note (which didn't go anywhere in particular) i pointed out that
> contract may address the same issue for which legislation may be
> proposed, at least for "contractual closures" (sorry, a term of my
> own, defined below) which share the property some jurisdictions have
> of a finite access provider universe.
>
>
> i mean "contractual closure" to be the performance guarantee (or
> non-performance guarantee) present in a set of contracts for a
> particular service.
>
> think "china", after first abstracting all the negatives associated
> with policy as a property of a distributed, shared, public resource,
> or "firewalls 4 (bcp defined) good".
>
> -e
>



-- 
Bingyang Liu
Network Architecture Lab, Network Center,Tsinghua Univ.
Beijing, China
Home Page: http://netarchlab.tsinghua.edu.cn/~liuby




More information about the NANOG mailing list