[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
BCP38 dismissal
On Sep 7, 2008, at 12:18 AM, Randy Bush wrote:
> normally i would have just hit delete. but your ad hominem attack on
> the messenger need a response.
>
> the reality of life is that he is correct in that "attack traffic
> comes
> from legitimate IP sources anyway."
>
> therefore, your first duty should be to keep your hosts from joining
> the
> massive army of botnets.
Having no hosts, I can't do much about that other than use various
good best practices (including BCP38), run ids units looking for
compromised hosts, and respond quickly to each abuse report if my IDS
doesn't observe it first.
Given that I know of no provider larger than us using BCP38 on every
port, and no other provider larger than us that responds to every
abuse report, it would appear that we are top of the class in that
aspect.
Therefore, when someone says "I don't need to do BCP38" because BCP38
doesn't cause problems for them, I consider them a jerk. And yeah, I
feel pretty confident looking down my nose at someone like that.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness