
RE: Internet SYN Flooding, spoofing attacks

2000-02-17 06:30:02

I'm uncomfortable with the tone of some of the responses on
this thread.  I don't think there is a need for anyone to
be adversarial about this issue.

Steve Kent's point that we in the Internet community need to work 
on other better mechanisms besides RPF checks is well taken.
It is also the case that at present RPF checks provide significant
operational risk reduction for most operators (whether enterprise,
school, or ISP) and at a reasonable cost.  Nearly all of the security
mechanisms currently deployed are only providing risk reduction --
I'm not aware of any operationally deployed perfect security solution.
The trick as a community is finding cost-effective mechanisms for
reducing individual and collective risks, IMHO.

For example, @Home has found it straightforward to deploy RPF checks
in our network.  Our original motivation was merely to be a good
Internet citizen.  However, we have also found that it reduces our 
operational costs to have such filters in place (e.g. less time spent 
handling alleged abuse cases).  Other ISPs might have different situations 
leading to different conclusions.

Ran
rja(_at_)inet(_dot_)org