North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: router worms and International Infrastructure
On Tue, 20 Sep 2005 Valdis.Kletnieks@vt.edu wrote:
Well.. it could be worse, according to the results in http://spoofer.csail.mit.edu/, at least by some metrics, about 2/3 or 3/4 of networks are unspoofable. That's already pretty good improvement..On Tue, 20 Sep 2005 08:44:33 +0200, Gadi Evron said:Whatever gets done and re-done is local, whether by ISP or country and there is almost nothing getting done to treat this as a global, macro problem, and actually put in measures to combat it.RFC2827 came out in May 2000. Based on its deployment history, where providers just have to act locally, I suspect that a requirement that providers act globally will result in either:
FWIW, here in Finland the regulatory body is mandating certain amount of spoofing prevention and other things. Transit providers (to whatever definition of 'transit') could maybe also be a bit more strict on what they accept from downstream..
Btw. Juniper's Feasible Path uRPF (mentioned in RFC3704) is your friend, even on multihomed/asymmetric links.
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings