BCP38 - Internet Death Penalty

Mark Andrews marka at isc.org
Wed Mar 27 23:01:34 UTC 2013


In message <CAA=cXfrO3c8=UYZDExpiYsEhFJDup=gUMvO+d=U34-DjW0AgdA at mail.gmail.com>, Jason Ackley writes:
> 
> On Wed, Mar 27, 2013 at 4:19 PM, Paul Ferguson <fergdawgster at gmail.com> wrote:
> 
> 
> > Some people are going to have to step up and add a few thousand more
> > frequent flier miles and get out to various geographic constituencies,
> > at various events, and start talking about this. And we need a lot
> > more people on board. National & international campaigns, etc.
> >
> >
> Agree 100%.
> 
> One thing that I will mention is a subtle issue that needs more thought. I
> think one of the challenges for this is answering the question of 'How does
> this make it better for my network on day one?'. Well, it doesn't for
> the majority of impact that people may be seeing.

Firstly you protect your customers from your other customer machines
that are compromised.

Secondly you reduce your legal liability.

Third you can use it to improve the reputation of your network.

> For example - Let us say someone is not currently running a fully
> BCP38-compliant network (shame on them, blah blah). They can do the
> remaining work to fix this in XXX hours at YYY cost.
> 
> The issue for them may be that they are the *destination* of the attacks
> that leverage non-BCP38 compliant networks. So even after investing XXX
> hours and YYY dollars it doesn't 'cure' the majority of the problems for
> them related to spoofing. So any spend on this is not a 'fix' as much as it
> is a 'fix for others'. (which certainly still needs to be done, don't get
> me wrong!)
> 
> Spoofing remains a problem until *everyone* gets it done or there is
> enough motivation to get it done without benefit to your own network.

It's a reducing problem as more networks filter.

> If Network_Zed is the last to go BCP38-compliant in 2023, then the rest of
> the internet is still vulnerable to the nasty items that can take place
> from the Network_Zed network until that time.

Or the rest of the world can just shun Network_Zed.
 
> Accepting that I think we need to find ways to make it where it stays on
> the radar - as has been suggested via walls of shame, RIR pressure, etc.
> Perhaps 'spoofing fees' etc ?
> 
> I hate to have an approach of 'fix this or I will hit you with this stick!'
> - but this has got to stop..
> 
> OK, back to my hole watching all the presumably spoofed incoming traffic
> that happens to be on udp/53 and looking for ANY? isc.org :-)

Which you can chase back to offending sources and complain to them about.
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



