[93089] in North American Network Operators' Group
Re: BCP38 thread 93,871,738,435
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Thu Oct 26 13:08:26 2006
Date: Thu, 26 Oct 2006 13:03:54 -0400
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: Sean Donelan <sean@donelan.com>, nanog@merit.edu
In-Reply-To: <871wov15fv.fsf@mid.deneb.enyo.de>
Errors-To: owner-nanog@merit.edu
On Thu, 26 Oct 2006 17:07:32 +0200, Florian Weimer <fw@deneb.enyo.de>
wrote:
> * Steven M. Bellovin:
>
> > As you note, the 20-25% figure (of addresses) has been pretty constant
> > for quite a while. Assuming that subverted machines are uniformly
> > distributed (a big assumption)
>
> I doubt this assumption about distribution is valid. At least over
> here, consumer-grade ISPs (think DSL with dynamic IP addresses) apply
> ingress filters, while real ISPs don't. If you're lucky, you get
> egress filters at some border routers, but it's not standard at all.
> Customer-facing interfaces are generally unfiltered.
>
Those are good points. It would be interesting to look at the raw AS
data and see what classes of organizations were represented.
Unfortunately, that data is not publicly available, according to the FAQ
for that project.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
