I think that making egress filtering a BCP, applying community
pressure, bringing law suites, etc., will be about as effective
at eliminating forged source address packets on the Internet as
similar measures have been in eliminating open SMTP relays...
They help, but not much.
Donald
From: Paul Ferguson <ferguson(_at_)cisco(_dot_)com>
Message-Id:
<4(_dot_)2(_dot_)2(_dot_)20000211163325(_dot_)00a50470(_at_)lint(_dot_)cisco(_dot_)com>
Date: Fri, 11 Feb 2000 16:35:18 -0500
To: Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu
Cc: IETF(_at_)ietf(_dot_)org
In-Reply-To:
<200002112033(_dot_)e1BKXC917344(_at_)black-ice(_dot_)cc(_dot_)vt(_dot_)edu>
References: <Your message of "Fri, 11 Feb 2000 14:40:15 EST."
<009E5826.5FC1D447.198
@process.com>
<009E5826(_dot_)5FC1D447(_dot_)198(_at_)process(_dot_)com>
At 03:33 PM 02/11/2000 -0500, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:
Given that RFC2267 is over 2 years old now, what *do* you suggest the network
community at large do to motivate the sites that still haven't implemented it?
Do you think that if RFC2267 was advanced as a BCP that
it would carry more weight, and therefore more ISP's would
implement RFC2267-style filtering? Coupled with the latest
denial of service attacks?
- paul