Why won't providers source-filter attacks? Simple.

Peter Kristolaitis alter3d at alter3d.ca
Tue Feb 4 23:35:13 UTC 2014


On 2/4/2014 5:00 PM, Mark Andrews wrote:
>> Nope: it's easy to explain; you merely have to be a cynical bastard:
>>
>> Attack traffic takes up bandwidth.
>>
>> Providers sell bandwidth.
>>
>> It *is* in their commercial best interest (read: maximizing shareholder
>> value) *NOT* to filter out DOS, DDOS, and spam traffic until their hand is
>> forced -- it's actually their fiduciary duty not to.
> Then they need to be made criminally liable for the damage that it causes.
> Yes, the directors of these companies need to serve gaol time.

That would never fly, because it would put the politicians at odds with 
the telecom buddies that make huge political donations.   Hard to throw 
someone in jail then hit them up for campaign money.   What will 
probably happen is the same thing we do with everything else that might 
be used for evil purposes but where we don't want to tackle the real 
underlying problem -- just write a law banning something and hope the 
problem goes away.

Make it illegal to possess a device capable of bandwidth greater than 
33.6Kbps without a special license, and BAM -- no more problems, 
overnight.  For added political-style points, tack on a catchy moniker, 
like "Immoral Bandwidth Prohibition", "The War on DDOS", or 
"High-Capacity Digital Assault Bandwidth" to help sell it to the 
public.  The public will be OK with their funny cat videos taking 19 
hours to load if they know they're preventing bad guys from doing 
something evil.

After all, it's worked flawlessly for alcohol, drugs and guns, so it 
MUST work for networks... and it's much easier than those silly, 
so-called "solutions" y'all are talking about!   :p

- Pete

(P.S.  Dear politicians:  in case you're reading this, the above was 
satire and should not be construed as anything resembling a good idea.)



