[110947] in North American Network Operators' Group
Re: Are we really this helpless? (Re: isprime DOS in progress)
daemon@ATHENA.MIT.EDU (Danny McPherson)
Sat Jan 24 00:16:33 2009
From: Danny McPherson <danny@tcb.net>
To: David Conrad <drc@virtualized.org>
In-Reply-To: <844C67FA-9F15-48A3-BD0D-61C0BD6521D8@virtualized.org>
Date: Fri, 23 Jan 2009 22:16:24 -0700
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Jan 23, 2009, at 10:06 PM, David Conrad wrote:
>
> Sad fact is that there are zillions of excuses. Unfortunately I
> suspect the only way we're going to make any progress on this will
> be for laws to be passed (or lawsuits to be filed) that impose a
> financial penalty on ISPs through which these attacks propagate.
Yep, some external force is apparently necessary,
unfortunately.
We've been encouraging, and asking, and measuring intensely
for over a dozen years now, and the application of anti-
spoofing is still dismal < ~60%). I used to be sympathetic
to the arguments about infrastructure support, resources,
tools, etc.. I consider those argument no longer valid and
operators who don't implement ingress BCP 38 style filtering
remiss.
-danny
