Block one type of attack enough times and you've accomplished something. Because script kiddies are taking advantage of published exploits doesn't mean we stop setting passwords on things. You have to protect from them all. No, no collateral damage. We discussed this a couple weeks ago and there was no credible evidence of collateral damage. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "Laszlo Hanyecz" <laszlo@heliacal.net> To: nanog@nanog.org Sent: Friday, October 21, 2016 7:52:42 PM Subject: Re: Death of the Internet, Film at 11 On 2016-10-22 00:39, Ronald F. Guilmette wrote:
P.S. To all of you Ayn Rand devotees out there who still vociferously argue that it's nobody else's business how you monitor or police your "private" networks, and who still refuse to take even minimalist steps (like BCP 38), congratulations.
What does BCP38 have to do with this? All that does is block one specific type of attack (and cause a lot of collateral damage). The IoT devices do not need to spoof addresses - they can just generate attack traffic directly. This is even better, because you can't cut those eyeball addresses off - those are the same addresses your target audience is using. If you cut off the eyeball networks there's not much point to running an internet business website anymore. -Laszlo