At 04:13 PM 5/7/97 -0400, J.D. Falk wrote:
[Quoted message reformatted to wrap at 80 columns]
On May 7, "James D. Wilson" <netsurf@pixi.com> wrote:
During the NSF days there were acceptable use policies that governed activities that were considered inappropriate to NSF and which could result in denial of access across their wires.
Since that seemed to hold up over the years, would it be possible (or legal) for the NAPs etc. to have similar policies about SPAM which could result in traffic from non-compliant sites not being routed?
Personally, I'd rather not see the NAP operators take this much of an active stance on anything. They're the closest thing the Internet is ever gonna have to a "common carrier" that actually /does/ carry anybody's traffic. Next, they'd find themselves called in to resolve peering disputes, and it'd be a big mess.
Let's start small then, and have everyone do ingress filtering on packets from their customers, ensuring the IP addresses on arriving packets are correct. We've been hit several times recently with floods of packets from RFC1918 addresses, for example. I also frequently see reply packets with bogus addresses that are the apparent spray from a web server under attack with random source addresses. The ISPs who have T1 and below customer links should be able to do filtering with the routing equipment they have. If not, then specify routers that CAN handle the load when you do buy upgrades. The backbone providers should also be able to do ingress filtering IF the routers they buy are specified to do it. The complaint to date I've heard is that the routers they have can't keep up. Fine. Getting everyone to filter isn't going to happen overnight, but it MUST happen sooner rather than later. It has to happen before anyone attempts to charge per-packet for transit, I would think. Daniel Senie mailto:dts@openroute.com Sr. Staff Engineer http://www.openroute.com/ OpenROUTE Networks, Inc. (a wholly owned subsidiary of Proteon, Inc.)