[168747] in North American Network Operators' Group
Re: TWC (AS11351) blocking all NTP?
daemon@ATHENA.MIT.EDU (William Herrin)
Tue Feb 4 11:05:10 2014
In-Reply-To: <CAD6AjGTYMM8TSfSmFSh96OHxW6-HJWTGQsU=2KBxbOGxjM44pQ@mail.gmail.com>
From: William Herrin <bill@herrin.us>
Date: Tue, 4 Feb 2014 11:04:08 -0500
To: Cb B <cb.list6@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sun, Feb 2, 2014 at 5:17 PM, Cb B <cb.list6@gmail.com> wrote:
> And, i agree bcp38 would help but that was published 14 years ago.
Howdy,
If just three of the transit-free networks rewrote their peering
contracts such that there was a $10k per day penalty for sending
packets with source addresses the peer should reasonably have known
were forged, this problem would go away in a matter of weeks. Granted
it would also be helpful to have a BGP extension signifying
allowed-source-but-don't-route so that RP filtering would work even
when multihomed. Still, even without automatic RP filtering we're
capable of preventing spoofed packets if financially incentivized.
Thing is, they can't be the source of the solution until they stop
being part of the problem.
Regards,
Bill Herrin
--
William D. Herrin ................ herrin@dirtside.com bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
