On Mon, 11 Mar 2002, Jake Khuon wrote:
> There were workable solutions even back then. I think we all just chose the path of least resistance because it was easier and the risk factors were perceived to be low. We all know that was a false assumption. I remember the first smurf attack against mae-east and how it knocked out quite a few peers.
Yep, I understand. History is never as neat as we would like. It may have been suitable in the past. Is it time to change? I'm not suggesting RFC1918 space for internal backbone routers and IXPs, but not announcing your internal-only nets would (slightly) increase the difficulty of attacking the core. It doesn't even require ISPs to agree on a best practice. A provider can choose to implement it themselves to protect their own core network. Perhaps the attacks on core routers aren't bad enough to justify such a drastic step yet. I get conflicting signals from engineers still working. Some say they see attacks all the time, others say they've never seen one on their core routers.