[52694] in North American Network Operators' Group


RE: Who does source address validation? (was Re: what's that smell?)

daemon@ATHENA.MIT.EDU (Mark Borchers)
Tue Oct 8 16:24:45 2002

From: "Mark Borchers" <mborchers@igillc.com>
To: "Iljitsch van Beijnum" <iljitsch@muada.com>,
	"John M. Brown" <john@chagresventures.com>
Cc: <nanog@merit.edu>
Date: Tue, 8 Oct 2002 15:23:42 -0500
In-Reply-To: <20021008215300.R84850-100000@sequoia.muada.com>
Errors-To: owner-nanog-outgoing@merit.edu


> > 2. Spoof filtering.
> > 3. Better tools to mitigate DOS/DDOS attacks.  The technology exists
> >    for say, cable providers to reduce port scans and DOS type attacks.
>
> I would happily kick anyone doing anything that is conclusively abusive
> off the net. But access providers aren't going to do this because it costs
> them money. Being a good netizen doesn't do them any good. I'm reminded of
> the two guys walking over the Serengeti, and they spot a lion. One guy
> bends down to tie his shoe laces, and the other says: what are you doing,
> you can't outrun a lion! The first guy says: I don't have to, as long as I
> can outrun you. People aren't in any hurry to protect the common good,
> they just want to keep one step ahead of those who get in trouble for not
> doing enough.

I guess you are describing the result of the bean counters' vision
of an Ideal World colliding with the engineer's concept of poor technical
practice.

I can't buy the above reasoning, though, for two reasons.

First, I just don't think there are bean counters clueful enough to
sit around calculating return-on-investment (or lack thereof) on source-
address filtering.  And insofar as that is true, it is a mighty good
thing, as it prolongs the time when engineering practice is still within
the purview of engineers.

Second, I think there are still enough people around who remember how
Agis was hounded out of business for being spam-friendly.  Nobody wants
the same thing to happen to them, and to avoid it, will avoid even the
perception of irresponsible operation.


