Yeah, "contractual closures" might be a way to force the providers to deploy BCP38. However, when the customers become the target of a spoofing attack, the provider may not be able to protect its customers, because ingress filtering (including uRPF) is inefficient when done near the destination. In other words, an ISP can deploy BCP38 or whatever, but still cannot well protect its customers from spoofing attacks from other ASes.

On Wed, Mar 28, 2012 at 6:54 PM, Eric Brunner-Williams <brunner@nic-naa.net> wrote:
On 3/28/12 11:45 AM, David Conrad wrote:
Actually, given the uptick in spoofing-based DoS attacks, the ease in which such attacks can be generated, recent high profile targets of said attacks, and the full-on money pumping freakout about anything with "cyber-" tacked on the front, I suspect a likely outcome will be proposals for legislation forcing ISPs to do something like BCP38.
in a note (which didn't go anywhere in particular) i pointed out that contract may address the same issue for which legislation may be proposed, at least for "contractual closures" (sorry, a term of my own, defined below) which share the property some jurisdictions have of a finite access provider universe.
i mean "contractual closure" to be the performance guarantee (or non-performance guarantee) present in a set of contracts for a particular service.
think "china", after first abstracting all the negatives associated with policy as a property of a distributed, shared, public resource, or "firewalls 4 (bcp defined) good".
-e
--
Bingyang Liu
Network Architecture Lab, Network Center, Tsinghua Univ.
Beijing, China
Home Page: http://netarchlab.tsinghua.edu.cn/~liuby