[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Why won't providers source-filter attacks? Simple.

Subject: Why won't providers source-filter attacks? Simple.
From: alvarezp at alvarezp.ods.org (Octavio Alvarez)
Date: Tue, 04 Feb 2014 12:55:38 -0800
In-reply-to: <[email protected]>
References: <[email protected]>

On 04/02/14 11:35, Jay Ashworth wrote:
> It *is in their commercial best interest (read: maximizing shareholder
> value) *NOT* to filter out DOS, DDOS, and spam traffic until their hand is
> forced -- it's actually their fiduciary duty not to.

That's short-sighted, but I agree in that that's what happens. Not 
filtering doesn't prevent them to operate.

> *THIS* is the problem we have to fix.

Source-based routing when going back to the backbone, at least on IPv6. 
It allows end-user multihoming with no BGP, and routers could be 
programmed to, by default, drop packages that don't know how to 
source-route, hence, automatically source filtering for those that don't 
care enough.

Difficult to do. Will take years to develop and adopt... if at all.

References:
- Why won't providers source-filter attacks? Simple.
  - From: jra at baylink.com (Jay Ashworth)

Prev by Date: Visual tools for RSVP-TE
Next by Date: NANOG 60 ATL Data Center Track Update
Previous by thread: Why won't providers source-filter attacks? Simple.
Next by thread: Why won't providers source-filter attacks? Simple.
Index(es):
- Date
- Thread