nanog mailing list archives
BCP38 (was: Re: Why won't providers source-filter attacks? Simple.)
From: John Curran <jcurran () arin net>
Date: Fri, 7 Feb 2014 20:37:49 +0000
On Feb 5, 2014, at 2:12 AM, Jimmy Hess <mysidia () gmail com> wrote:
On Wed, 05 Feb 2014 12:18:54 +1100, Mark Andrews said:Now if we could get equipement vendors to stop shipping models without the necessary support it would help but that also may require government intervention. ...A good start would be to get BCP38 revised to router the Host requirements RFCs, to indicate that ingress filtering should be considered mandatory on site-facing interfaces. ...
It's also true that if a sizable group of network operators were to actually deploy source address validation (thus proving that it really is a reasonable approach and doesn't carry too much operational or vendor implications), then it would be quite reasonable for those operators to bring the results to NANOG and get it recognized as a best current operating practice for networks of similar design/purpose.
If the standards documents still just call it a best practice.... what hope is there of having governments require it of the service providers that their networks are connected to, anyways?
There is a significant difference between a "best current practice" (BCP) document from the IETF (a technical standards body) versus one which actually reflects the well-considered best practices of a large network operator forum. The latter would be of some interest to governments (and groups of governments) when they ask for any options that might help with their growing spam and DDoS concerns... FYI, /John
Current thread:
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?], (continued)
- Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?] Paul Ferguson (Feb 04)
- Why won't providers source-filter attacks? Simple. Jay Ashworth (Feb 04)
- Re: Why won't providers source-filter attacks? Simple. Octavio Alvarez (Feb 04)
- Re: Why won't providers source-filter attacks? Simple. Mark Andrews (Feb 04)
- Re: Why won't providers source-filter attacks? Simple. Randy Bush (Feb 04)
- Re: Why won't providers source-filter attacks? Simple. Peter Kristolaitis (Feb 04)
- Re: Why won't providers source-filter attacks? Simple. Mark Andrews (Feb 04)
- Re: Why won't providers source-filter attacks? Simple. Randy Bush (Feb 04)
- Re: Why won't providers source-filter attacks? Simple. Valdis . Kletnieks (Feb 04)
- Re: Why won't providers source-filter attacks? Simple. Jimmy Hess (Feb 04)
- BCP38 (was: Re: Why won't providers source-filter attacks? Simple.) John Curran (Feb 07)
- Re: BCP38 (was: Re: Why won't providers source-filter attacks? Simple.) Dobbins, Roland (Feb 07)
- Re: BCP38 (was: Re: Why won't providers source-filter attacks? Simple.) Chris Grundemann (Feb 07)
- Re: BCP38 (was: Re: Why won't providers source-filter attacks? Simple.) Dobbins, Roland (Feb 07)
- Re: BCP38 (was: Re: Why won't providers source-filter attacks? Simple.) Jay Ashworth (Feb 08)
- Re: Why won't providers source-filter attacks? Simple. Saku Ytti (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Jimmy Hess (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Paul Ferguson (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Mark Andrews (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Paul Ferguson (Feb 05)
- Re: Why won't providers source-filter attacks? Simple. Randy Bush (Feb 05)