nanog mailing list archives
BCP38 making it work, solving problems
From: Sean Donelan <sean () donelan com>
Date: Sun, 10 Oct 2004 21:35:33 -0400 (EDT)
On Sun, 10 Oct 2004, James Baldwin wrote:
I agree that BCP 38 should be implemented. I agree that BCP 38 will have a greater affect on network abuse than port 25 filtering. They both have their place and address to partially overlapping groups of abuse imho.
Be conservative in what you send is an excellent philosophy. And within a product generation or two, vendor equipment will almost capable of supporting it. Even Cisco has realized uRPF isn't a complete solution. Cisco's marketing department came up with multiple differently named IP sourceguard, Cable source verify, unicast reverse path filtering; which confuses both technical and non-technical people. But too many boxes still crumble if you turn them on, if you are even able to turn them on. But BCP38 doesn't immediately help the ISP. Several ISPs have implemented BCP38, and it has very little return on investment. It actually has a negative return because people are dumb. People think BCP38 means the packets could only originate from you. In reality, BCP38 only helps you with where the spoofed packets did NOT originate. But people don't complain to the source of spoofed packet. People complain to IANA about attacks coming from Net-10. I know the Net-10 packets didn't originate from me, but it doesn't mean the Net-64 packets did. On the other hand, NAT, banning servers, blocking port 25, file sharing bandwidth limits all have much faster return on investment from the ISP point of view. They may be more harmful in the longer term. But even your friends don't like it when you try to do the right thing. Microsoft removed "raw" sockets from XP SP2. Doesn't that make you feel safer? I have received complaints from people about NOT being able to spoof packets.
Current thread:
- Re: short Botnet list and Cashing in on DoS, (continued)
- Re: short Botnet list and Cashing in on DoS Gadi Evron (Oct 09)
- Re: short Botnet list and Cashing in on DoS Petri Helenius (Oct 09)
- Re: short Botnet list and Cashing in on DoS Gadi Evron (Oct 09)
- Re: short Botnet list and Cashing in on DoS Alexei Roudnev (Oct 09)
- Re: [nanog] Re: short Botnet list and Cashing in on DoS Dan Mahoney, System Admin (Oct 09)
- Re: [nanog] Re: short Botnet list and Cashing in on DoS Randy Bush (Oct 09)
- Re: [nanog] Re: short Botnet list and Cashing in on DoS Alexei Roudnev (Oct 10)
- Re: short Botnet list and Cashing in on DoS Mark Andrews (Oct 10)
- Re: short Botnet list and Cashing in on DoS James Baldwin (Oct 10)
- Re: short Botnet list and Cashing in on DoS Alexei Roudnev (Oct 10)
- BCP38 making it work, solving problems Sean Donelan (Oct 10)
- Re: BCP38 making it work, solving problems Edward B. Dreger (Oct 11)
- Re: short Botnet list and Cashing in on DoS Bill Stewart (Oct 11)
- Re: short Botnet list and Cashing in on DoS Edward B. Dreger (Oct 11)
- Re: short Botnet list and Cashing in on DoS David Lesher (Oct 09)
- Re: short Botnet list and Cashing in on DoS Stephen J. Wilcox (Oct 09)
- Re: short Botnet list and Cashing in on DoS Gadi Evron (Oct 09)
- Re: short Botnet list and Cashing in on DoS Stephen J. Wilcox (Oct 09)
- Re: short Botnet list and Cashing in on DoS Paul Vixie (Oct 09)
- Re: short Botnet list and Cashing in on DoS Alexei Roudnev (Oct 09)
- Re: short Botnet list and Cashing in on DoS Petri Helenius (Oct 09)