Why won't providers source-filter attacks? Simple.
alvarezp at alvarezp.ods.org
Tue Feb 4 20:55:38 UTC 2014
On 04/02/14 11:35, Jay Ashworth wrote:
> It *is in their commercial best interest (read: maximizing shareholder
> value) *NOT* to filter out DOS, DDOS, and spam traffic until their hand is
> forced -- it's actually their fiduciary duty not to.
That's short-sighted, but I agree in that that's what happens. Not
filtering doesn't prevent them to operate.
> *THIS* is the problem we have to fix.
Source-based routing when going back to the backbone, at least on IPv6.
It allows end-user multihoming with no BGP, and routers could be
programmed to, by default, drop packages that don't know how to
source-route, hence, automatically source filtering for those that don't
Difficult to do. Will take years to develop and adopt... if at all.
More information about the NANOG