there are people now reading these words who are not exactly polite members of internet society.
i suspect that many people would number you and me among them. but that's why we have .procmailrc and the delete key.
i think you're assuming a lot. it's not socially reasonable. there are US network owners whose peering policies are set based on fear of the justice department rather than on any solid economic or engineering basis.
i suspect that some larger isps see a connection between doj actions and economic impact. ask mci old-timers. ask bernie ebers.
my simple-minded approach to thinking about this is about interface ingress filtering. an interface or subinterface or link or whatever you want to call it on one of your routers is ingressing one of three kinds of traffic:
1. from a customer (not your network) 2. from a peer (not your network) 3. from some other router you own
if all your routers handle #1 and #2 consistently and well, then #3 doesn't matter. (filtering by trusted proxy.) if you limit each #1 to a specific set of source addresses (which limits performance but CAN be done, even on very slow, or very fast, and/or very dense connections), and if by peering agreement you limit #2 (back to filtering by trusted proxy) then you're DONE implementing it (randy's first point, above).
i am told that a well-known and still somewhat popular router vendor handles source filtering on the slow path, and can't handle aggregated high loads. is the acl for large peers 2 known and loadable into routers? i am not comfortable with the assumption that my peer must have similar agreements with all their peers. heck, if i did, then, aside from the business issues (you gonna force att/cw/sprint/uu/... how to coduct their peering policy?) how does all this bootstrap?
making #2 transitive is the big problem. let's say that woody's got some really old peering agreement in place with some provider who doesn't mind leaving the session up but would almost certainly not be willing/able to set it up afresh starting today. will woody drop peering with that provider if they refuse to agree to limit spoofage? Certainly Not. probably some very large/old networks could simply drag their feet about agreeing to limit their spoofage, and thus transitively make all "upgraded" peering agreements thereby toothless. (would i drop peering with woody just because he refused to drop it with some old/large network who refused to control their spoofage emission? Probably Not.)
yup. that's a real problem. so we have two problems with this o we can't tell big peers how to conduct their business o source filtering at high bandwidth how do we make progress on these?
the angry teenager with a $300 openbsd machine apparently has nothing to fear from us.
some of them are in jail. and there are some interesting anti-ddos tecnology developments in the works. not to belittle the problem. randy