On Tue, 26 Mar 2013, Darius Jahandarie wrote:
Well, I'm not sure this is what's being suggested by Jay, but many peering agreements/policies have something in them that say "prevent spoofing to best effort". Such statements could be strengthened in a global effort, and then spoofed source addresses could lead to depeering much faster/harder than what happens today. It would be reactionary rather than proactive, but still better than what we have now where spoofing is kind of like "it can't be helped".
I wish the Internet census people would try spoofing from their "botnet" and tell us which ISPs allow spoofing. I don't think this will fixed until there is a hall of shame or some kind of law requiring this and offenders would be fined. Can't we get homeland security into this? Threat to US national security if people can spoof? :P -- Mikael Abrahamsson email: swmike@swm.pp.se