[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BCP38 Deployment

Subject: BCP38 Deployment
From: goemon at anime.net (goemon at anime.net)
Date: Wed, 28 Mar 2012 10:11:07 -0700 (PDT)
In-reply-to: <CAPLDopJ5YbYO9=D_eXoHVB7o6pJ4yHknWxZvSt_MEvjjztd7sQ@mail.gmail.com>
References: <CAPLDopJ8RmbcPVoUgmR+vXWkujYb_PEfpV19_K6qrorMu4FVJQ@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <CAPLDopJ5YbYO9=D_eXoHVB7o6pJ4yHknWxZvSt_MEvjjztd7sQ@mail.gmail.com>

On Wed, 28 Mar 2012, Bingyang LIU wrote:
> the provider may not be able to protect its customers, because ingress
> filtering (including uRPF) is inefficient when done near the
> destination. In other words, an ISP can deploy BCP38 or whatever, but
> still cannot well protect its customers from spoofing attacks from
> other ASes.

The ASes which enable spoofing need to have some penalty imposed or they 
will never engage in correct behavior.

Something like throwing all their traffic into scavenger class.

If their customers start complaining to them, maybe then they will shape 
up.

-Dan

References:
- BCP38 Deployment
  - From: bjornliu at gmail.com (Bingyang LIU)
- BCP38 Deployment
  - From: patrick at ianai.net (Patrick W. Gilmore)
- BCP38 Deployment
  - From: bicknell at ufp.org (Leo Bicknell)
- BCP38 Deployment
  - From: drc at virtualized.org (David Conrad)
- BCP38 Deployment
  - From: brunner at nic-naa.net (Eric Brunner-Williams)
- BCP38 Deployment
  - From: bjornliu at gmail.com (Bingyang LIU)

Prev by Date: BCP38 Deployment
Next by Date: BCP38 Deployment
Previous by thread: BCP38 Deployment
Next by thread: BCP38 Deployment
Index(es):
- Date
- Thread