[168773] in North American Network Operators' Group
Re: Why won't providers source-filter attacks? Simple.
daemon@ATHENA.MIT.EDU (Octavio Alvarez)
Tue Feb 4 15:56:09 2014
Date: Tue, 04 Feb 2014 12:55:38 -0800
From: Octavio Alvarez <alvarezp@alvarezp.ods.org>
To: Jay Ashworth <jra@baylink.com>, NANOG <nanog@nanog.org>
In-Reply-To: <977303.7242.1391542533531.JavaMail.root@benjamin.baylink.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 04/02/14 11:35, Jay Ashworth wrote:
> It *is* in their commercial best interest (read: maximizing shareholder
> value) *NOT* to filter out DOS, DDOS, and spam traffic until their hand is
> forced -- it's actually their fiduciary duty not to.
That's short-sighted, but I agree that that's what happens. Not
filtering doesn't prevent them from operating.
> *THIS* is the problem we have to fix.
Source-based routing when going back to the backbone, at least on IPv6.
It allows end-user multihoming with no BGP, and routers could be
programmed to, by default, drop packets that don't know how to
source-route, hence, automatically source filtering for those that don't
care enough.
Difficult to do. Will take years to develop and adopt... if at all.
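
An added illustration, not part of the message above: a small Python model of the idea of choosing the upstream by the packet's source address and dropping by default when no source prefix matches. The prefixes (from the 2001:db8::/32 documentation range), the upstream labels and the function names are all constructed for this example.

```python
import ipaddress
from typing import NamedTuple, Optional

class SourceRoute(NamedTuple):
    prefix: ipaddress.IPv6Network  # prefix delegated by one upstream
    upstream: str                  # hypothetical label for that upstream's link

# Constructed site: multihomed to two providers without BGP; each provider
# delegated one prefix, and one subnet of provider A is pinned to a second link.
SOURCE_ROUTES = [
    SourceRoute(ipaddress.ip_network("2001:db8:a000::/48"), "isp-a"),
    SourceRoute(ipaddress.ip_network("2001:db8:b000::/48"), "isp-b"),
    SourceRoute(ipaddress.ip_network("2001:db8:a000:ff00::/56"), "isp-a-backup"),
]

def select_upstream(src: str, routes=SOURCE_ROUTES) -> Optional[str]:
    """Longest-prefix match on the SOURCE address; None means drop."""
    try:
        addr = ipaddress.IPv6Address(src)
    except ValueError:
        return None  # unparsable or non-IPv6 source: nothing to route on
    best = None
    for route in routes:
        if addr in route.prefix and (
            best is None or route.prefix.prefixlen > best.prefix.prefixlen
        ):
            best = route
    return best.upstream if best else None

def forward(packets, routes=SOURCE_ROUTES):
    """Split (src, dst) pairs heading to the backbone into forwarded/dropped."""
    forwarded, dropped = [], []
    for src, dst in packets:
        upstream = select_upstream(src, routes)
        if upstream is None:
            dropped.append((src, dst))  # default drop doubles as source filtering
        else:
            forwarded.append((upstream, src, dst))
    return forwarded, dropped

# Constructed sample traffic: three legitimate sources, one source outside
# every delegated prefix (as a spoofed packet would have), one malformed.
SAMPLE_PACKETS = [
    ("2001:db8:a000:1::10", "2001:db8:ffff::1"),
    ("2001:db8:b000:2::20", "2001:db8:ffff::1"),
    ("2001:db8:a000:ff01::5", "2001:db8:ffff::1"),
    ("2001:db8:c000::66", "2001:db8:ffff::1"),
    ("not-an-address", "2001:db8:ffff::1"),
]

if __name__ == "__main__":
    for line in forward(SAMPLE_PACKETS):
        print(line)
```

The packet sourced from 2001:db8:c000::66 matches no delegated prefix, so it never reaches either upstream; that is the filtering side effect the message describes.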