[151672] in North American Network Operators' Group
Re: BCP38 Deployment
daemon@ATHENA.MIT.EDU (Darius Jahandarie)
Wed Mar 28 13:08:22 2012
In-Reply-To: <8F095B57-ABE5-4D5E-AF0A-BFC963D58EE0@virtualized.org>
Date: Wed, 28 Mar 2012 13:07:17 -0400
From: Darius Jahandarie <djahandarie@gmail.com>
To: David Conrad <drc@virtualized.org>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Mar 28, 2012 at 12:50, David Conrad <drc@virtualized.org> wrote:
> I would be surprised if this were true.
>
> I'd argue that today, the vast majority of devices on the Internet (and certainly the ones that are used in massive D(D)oS attacks) are found hanging off singly-homed networks.
Yes, but RPF can be implemented in places other than the customer
edge. In those places, lack of widespread, easy, and vendor-supported
feasible-path uRPF is what I believe really hurts things.
Granted, this is along a different line than what the OP was talking
about, but in terms of answering the question of "why don't we see
ingress filtering as much as we should?", I think it's a large factor.
--
Darius Jahandarie
