nanog mailing list archives
Re: On the back of other 'security' posts....
From: Paul Vixie <vixie () vix com>
Date: 02 Sep 2003 01:45:41 +0000
Ok, so we seem to have a general agreement that anti-spoof & BGP prefix filtering on all standard customer edge links is a worthwhile practice.
actually, we don't. what we've achieved is that gray area / middle ground where the people who don't think it's important are mostly afraid to speak out against it. while this is an important milestone, it's not nearly the same as general agreement.
Now what? Is there any hope of this ever happening on a very large scale without somehow being mandated? (Not that it necessarily should be mandated.)
there is no way to mandate it. even if it were somehow a full standard in the ietf, network owners who didn't want to do it wouldn't have to do it.
How much success have Barry Green and co. had? Is there something the rest of us could be doing?
i'm thinking we may need some kind of branding campaign, so that rfp authors can refer to a set of "good practices" like terminating spammers, not writing "pink contracts", not hosting spamvertised web sites, publishing in the radb, filtering customer routes by rir, running full uprf on customer-facing links, and so on down the line. i'm not sure that we (isc) would be the best people to run an isp branding/certification programme, so i'm hoping someone else steps up, like maybe the rirs or isp/c or maps or whatever. but once the sales people inside isp's have to contend with this as a checklist item in incoming rfp's, it'll see fast deployment even in bankrupt high-inertia "backbone" networks like uunet. -- Paul Vixie
Current thread:
- RE: On the back of other 'security' posts.... Terry Baranski (Sep 01)
- RE: On the back of other 'security' posts.... Daniel Senie (Sep 01)
- Re: On the back of other 'security' posts.... Paul Vixie (Sep 01)
- Re: On the back of other 'security' posts.... Iljitsch van Beijnum (Sep 02)
- <Possible follow-ups>
- Re: On the back of other 'security' posts.... Scott Francis (Sep 03)