Ok, let's haul this up out of the other thread. It seems consensus that the anti-source-address-spoofing provisions (at least) of BCP38 have long since become critical to mitigating (and eventually preventing) UDP attacks like DNS reflection and such, and that such attacks are uniformly considered Bad Things. It also seems that, with 13 years to get it done, even if equipment makers have put usable working knobs into their edge routers and concentrators, sufficient numbers of IAPs have not started turning them on. The problem here is, of course, one of externalities and the Common Good, hard sales to make in a business environment. But have we reached the point where it's time to start trying? Do we need to define a flag day, say one year hence, and start making the sales pitch to our Corporate Overlords that we need to apply the IDP to edge connections which cannot prove they've implemented BCP38 (or at very least, the source address spoofing provisions thereof)? Put this in contracts and renewals, with the same penalty? Do the engineering heads at the top 10 tier-1/2 carriers carry enough water to make that sale to the CEOs? Cheers, -- jr 'will rouse rabble for food' a -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274