SD> Date: Sun, 7 Mar 2004 21:24:44 -0500 (EST) SD> From: Sean Donelan SD> This confirms my statement. You save nothing by deploying SD> SAV on your network. There may be some indeterminate benefit Unless, of course, the traffic originated from your network and it simplifies your backtrace. Tracing flows isn't difficult, but it's more time consuming than a traceroute. SD> at some indeterminate time in the future after everyone else SD> in the world correctly implements SAV. But there is no way SD> to verify if every other network in the world has correctly SD> deployed SAV. Even if everyone deploys SAV/uRPF you never s/SAV/AS_PATH filtering and netblock adverts/ in your above statement. While technically true, it's highly disingenuous. Should providers quit filtering those simply because not everyone does it? It's extra cost with no selfish benefit, right? If you want a network to extend that courtesy to you, extend it to them. If you extend the courtesy to them, demand it in return. SD> know when someone may misconfigure something, so you still SD> have to keep doing everything you were doing. Perhaps on a lesser scale, though. There's benefit in knowing something did not originate from certain sources. SD> In the mean time, you get to pay for the extra costs for SD> deploying SAV/uRPF in addition to doing everything you were SD> already doing. Just like AS_PATH and netblock announcement filters. Just like flow monitoring. Just like chasing down spammers. Just like dealing with "pwned" systems. Just like most anything else that wouldn't be necessary in a perfect world. Also note various posters' interest in shifting costs to responsible parties. One can argue what is "reasonable", but consequences boost motivation. Perhaps if lack of certain precautions were considered [legally] negligent, failure would be the more expensive option. Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net Sending mail to spambait addresses is a great way to get blocked.