Why won't providers source-filter attacks? Simple.

Livingood, Jason Jason_Livingood at cable.comcast.com
Fri Feb 7 19:26:19 UTC 2014


On 2/5/14, 7:11 PM, "Mark Andrews" <marka at isc.org> wrote:

>Well when industries don't self regulate governments step in.  This
>industry is demonstratably incapble of regulating itself in this
>area despite lots of evidence of the problems being caused for lots
>of years.  

Which industry is that? App providers that have not implemented? Hosting
providers that have not? Transit providers that have not? Access network
ISPs that have not? Large enterprises and education networks that have
not? ;-)

I still prefer a list of specific networks that need to pay attention to
improving anti-spoofing since otherwise I think most of us are in violent
agreement on the need.

>This has been DOCUMENTED BEST CURRENT PRACTICE for 13.5
>years.  Everybody else is having to deal the problems caused by
>these bad actors.
>
>Hell, I suspect you could send the directors to gaol or make them
>pay a heavy fine today by properly examining the existing laws.  A new
>law would just make the problem more explicit.

In the U.S. one of the FCC Communications Security, Reliability, and
Interoperability Council (CSRIC) working groups is focused on this issue.
I do not know what is happening in other jurisdictions.

Jason




More information about the NANOG mailing list