Why won't providers source-filter attacks? Simple.

Octavio Alvarez alvarezp at alvarezp.ods.org
Tue Feb 4 20:55:38 UTC 2014


On 04/02/14 11:35, Jay Ashworth wrote:
> It *is* in their commercial best interest (read: maximizing shareholder
> value) *NOT* to filter out DOS, DDOS, and spam traffic until their hand is
> forced -- it's actually their fiduciary duty not to.

That's short-sighted, but I agree that that's what happens. Not
filtering doesn't prevent them from operating.

> *THIS* is the problem we have to fix.

Source-based routing when going back to the backbone, at least on IPv6. 
It allows end-user multihoming with no BGP, and routers could be 
programmed to, by default, drop packets that don't know how to
source-route, hence, automatically source filtering for those that don't 
care enough.

Difficult to do. Will take years to develop and adopt... if at all.



More information about the NANOG mailing list