Why won't providers source-filter attacks? Simple.

Jimmy Hess mysidia at gmail.com
Wed Feb 5 07:12:40 UTC 2014


On Tue, Feb 4, 2014 at 10:01 PM, <Valdis.Kletnieks at vt.edu> wrote:

> On Wed, 05 Feb 2014 12:18:54 +1100, Mark Andrews said:
> > Now if we could get equipement vendors to stop shipping models
> > without the necessary support it would help but that also may require
> > government intervention.
>

A good start would be to get  BCP38  revised to  router  the Host
requirements RFCs,  to indicate  that  ingress filtering should be
considered mandatory  on  site-facing interfaces.

If the standards documents still just call it a best practice....  what
hope is there of  having governments  require it of the service providers
 that their networks are connected to, anyways?



>
> Time to name-and-shame.  It's 2014.  Who's still shipping gear that
> can't manage eyeball-facing BCP38?
>

-- 
-JH


More information about the NANOG mailing list