On Tue, 20 Sep 2005 Valdis.Kletnieks@vt.edu wrote:
On Tue, 20 Sep 2005 08:44:33 +0200, Gadi Evron said:
Whatever gets done and re-done is local, whether by ISP or country and there is almost nothing getting done to treat this as a global, macro problem, and actually put in measures to combat it.
RFC2827 came out in May 2000.
Based on its deployment history, where providers just have to act locally, I suspect that a requirement that providers act globally will result in either:
Well.. it could be worse, according to the results in http://spoofer.csail.mit.edu/, at least by some metrics, about 2/3 or 3/4 of networks are unspoofable. That's already pretty good improvement.. FWIW, here in Finland the regulatory body is mandating certain amount of spoofing prevention and other things. Transit providers (to whatever definition of 'transit') could maybe also be a bit more strict on what they accept from downstream.. Btw. Juniper's Feasible Path uRPF (mentioned in RFC3704) is your friend, even on multihomed/asymmetric links. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings