Daniel Senie <dts@senie.com> wrote:
While implementing these measures may not directly benefit your network, doing so may thwart an attack against someone else's net. Tomorrow, the roles could be reversed. As with many areas of managing the Internet, cooperation is key.
Yep. Actually, tier-1 ISPs can write the requirement for reverse-path source IP address verification on customer access circuits into their peering agreements. Enforcement can take the form of penalties per verified incident of a forged source address attack originating in a peer's network.

(Adversarial IP prefix filtering was needed to institute such prefix-reduction policies as aggregation and address allocation out of ISP blocks. I remember that purely voluntary efforts were pretty much derailed by the negligence of some ISPs (why does AS 174 come to mind? :) I do not expect reverse path filtering to be any different in terms of deployment problems.)

--vadim