[151671] in North American Network Operators' Group
Re: BCP38 Deployment
daemon@ATHENA.MIT.EDU (Bingyang LIU)
Wed Mar 28 13:05:53 2012
In-Reply-To: <4F734254.7010706@nic-naa.net>
Date: Wed, 28 Mar 2012 19:05:03 +0200
From: Bingyang LIU <bjornliu@gmail.com>
To: ebw@abenaki.wabanaki.net
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Yeah, "contractual closures" might be a way to force the providers to
deploy BCP38.
However, when the customers become the target of a spoofing attack,
the provider may not be able to protect its customers, because ingress
filtering (including uRPF) is inefficient when done near the
destination. In other words, an ISP can deploy BCP38 or whatever, but
still cannot well protect its customers from spoofing attacks from
other ASes.
On Wed, Mar 28, 2012 at 6:54 PM, Eric Brunner-Williams
<brunner@nic-naa.net> wrote:
> On 3/28/12 11:45 AM, David Conrad wrote:
>> Actually, given the uptick in spoofing-based DoS attacks, the ease in wh=
ich such attacks can be generated, recent high profile targets of said atta=
cks, and the full-on money pumping freakout about anything with "cyber-" ta=
cked on the front, I suspect a likely outcome will be proposals for legisla=
tion forcing ISPs to do something like BCP38.
>
> in a note (which didn't go anywhere in particular) i pointed out that
> contract may address the same issue for which legislation may be
> proposed, at least for "contractual closures" (sorry, a term of my
> own, defined below) which share the property some jurisdictions have
> of a finite access provider universe.
>
>
> i mean "contractual closure" to be the performance guarantee (or
> non-performance guarantee) present in a set of contracts for a
> particular service.
>
> think "china", after first abstracting all the negatives associated
> with policy as a property of a distributed, shared, public resource,
> or "firewalls 4 (bcp defined) good".
>
> -e
>
--=20
Bingyang Liu
Network Architecture Lab, Network Center,Tsinghua Univ.
Beijing, China
Home Page: http://netarchlab.tsinghua.edu.cn/~liuby
