[168815] in North American Network Operators' Group
Re: Why won't providers source-filter attacks? Simple.
daemon@ATHENA.MIT.EDU (Jimmy Hess)
Wed Feb 5 02:13:21 2014
In-Reply-To: <16144.1391572892@turing-police.cc.vt.edu>
From: Jimmy Hess <mysidia@gmail.com>
Date: Wed, 5 Feb 2014 01:12:40 -0600
To: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, Feb 4, 2014 at 10:01 PM, <Valdis.Kletnieks@vt.edu> wrote:
> On Wed, 05 Feb 2014 12:18:54 +1100, Mark Andrews said:
> > Now if we could get equipement vendors to stop shipping models
> > without the necessary support it would help but that also may require
> > government intervention.
>
A good start would be to get BCP38 revised to router the Host
requirements RFCs, to indicate that ingress filtering should be
considered mandatory on site-facing interfaces.
If the standards documents still just call it a best practice.... what
hope is there of having governments require it of the service providers
that their networks are connected to, anyways?
>
> Time to name-and-shame. It's 2014. Who's still shipping gear that
> can't manage eyeball-facing BCP38?
>
--
-JH
