28 Mar
2012
28 Mar
'12
5:11 p.m.
On Wed, 28 Mar 2012, Bingyang LIU wrote:
the provider may not be able to protect its customers, because ingress filtering (including uRPF) is inefficient when done near the destination. In other words, an ISP can deploy BCP38 or whatever, but still cannot well protect its customers from spoofing attacks from other ASes.
The ASes which enable spoofing need to have some penalty imposed or they will never engage in correct behavior. Something like throwing all their traffic into scavenger class. If their customers start complaining to them, maybe then they will shape up. -Dan