[151673] in North American Network Operators' Group

Re: BCP38 Deployment

daemon@ATHENA.MIT.EDU (goemon@anime.net)
Wed Mar 28 13:14:18 2012

Date: Wed, 28 Mar 2012 10:11:07 -0700 (PDT)
From: goemon@anime.net
To: Bingyang LIU <bjornliu@gmail.com>
In-Reply-To: <CAPLDopJ5YbYO9=D_eXoHVB7o6pJ4yHknWxZvSt_MEvjjztd7sQ@mail.gmail.com>
Cc: ebw@abenaki.wabanaki.net, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Wed, 28 Mar 2012, Bingyang LIU wrote:
> the provider may not be able to protect its customers, because ingress
> filtering (including uRPF) is inefficient when done near the
> destination. In other words, an ISP can deploy BCP38 or whatever, but
> still cannot well protect its customers from spoofing attacks from
> other ASes.

The ASes which enable spoofing need to have some penalty imposed or they 
will never engage in correct behavior.

Something like throwing all their traffic into scavenger class.

If their customers start complaining to them, maybe then they will shape 
up.

-Dan

