|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
From: Florian Weimer <fw@deneb.enyo.de> To: "Steven M. Bellovin" <smb@cs.columbia.edu> Cc: Sean Donelan <sean@donelan.com>, nanog@merit.edu Date: Thu, 26 Oct 2006 17:07:32 +0200 In-Reply-To: <20061026093324.f56f7f5d.smb@cs.columbia.edu> (Steven M. Bellovin's message of "Thu, 26 Oct 2006 09:33:24 -0400") Errors-To: owner-nanog@merit.edu * Steven M. Bellovin: > As you note, the 20-25% figure (of addresses) has been pretty constant > for quite a while. Assuming that subverted machines are uniformly > distributed (a big assumption) I doubt this assumption about distribution is valid. At least over here, consumer-grade ISPs (think DSL with dynamic IP addresses) apply ingress filters, while real ISPs don't. If you're lucky, you get egress filters at some border routers, but it's not standard at all. Customer-facing interfaces are generally unfiltered. (But I have to admit that we recently ran into filters at an upstream's upstream, so there's at least some BCP 38 adoption.)
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |