With addressing spoofing we just beat ourselves: We prevent any progress on
multipath routing without the chance to prevent the malicious attacks. We better
outsmart the abusers
than ourselves.
Heiner Hummel
In einer eMail vom 20.09.2006 15:40:56 Westeuropäische Normalzeit schreibt
[EMAIL PROTECTED]:
One area
of focus for SAVA is to actually create stronger incentives to
>
operators to apply source filters.
I think this is the key issue. Until
there are stronger incentives to put
source filters in place (or, shall we
say, stronger disincentives to not put
them in place), there will always
be some percentage of operators who just
don't do it. The incentives have
to be really strong, though, if you want to
get 100% coverage.
>
A second focus is to come up with a system which works if coverage does
> not approach 100%. BCP38 does not work because if 25% of the network
is
> not covered, then the blackhats can just choose where to launch
the attack
> from.
>
IMO, address spoofing is not really a
technical problem, it is a
social/political/legal/regulatory one, given
there is a known solution. It's
possible that there might be a technical
solution that doesn't require 100%
coverage, but it is likely to be much
more complicated, making it even less
likely to get deployed.
If
the primary issue is how to get operators to universally deploy source
filters, which isn't a technical issue, then is there really anything that
IETF can do?
jak
_______________________________________________
routing-discussion
mailing
list
[EMAIL PROTECTED]
https://www1.ietf.org/mailman/listinfo/routing-discussion
|
_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
