On Sep 20, 2006, at 9:02 AM, James Kempf wrote:
> Here's an idea (which, BTW, I'm not advocating). ISPs agree that
> if they detect spoofed packets from someone they cut off forwarding
> to/from that AS until the problem is fixed. Really simple and
> modestly straightforward to deploy, but not a technical solution.
> It requires the RIRs and operator associations to issue a policy,
> and the operators to agree to it.

Well, there's the rub.

If the source address is spoofed, it's pretty hard to say what AS the
packet arrived from. If you can detect the spoofed packet on a link
to a neighboring AS, you could cut off that AS, but you won't know
whether that AS actually allowed it in or whether it has some other
customer that allowed it in. You only know it got to you.

Unless someone shows me numbers to the contrary, I'll bet that the
most probable case in which you will receive spoofed packets is on
the links that give you the most packets, which is to say the ones
that pay you the most money or which you pay the most money to gain
access to. Cutting those connections off costs you real money.

Now, if the ISPs tell me they're willing to abide by such a policy,
I'm all for it, but I'll bet a good meal in a great restaurant that
they're not the ones that propose the idea.

> Lots of incentive for operators to deploy. But there's really no
> role for IETF in this, unless there is need for some technical
> solution to propagate information on malefactors around, or to
> terminate forwarding.
>
> The problem is, most Internet types don't like this kind of thing.
> It smacks of "regulation" (in fact, it is a kind of regulation,
> self-regulation). Personally, I think the Internet is better off
> without a lot of regulation. If and when a significant chunk of
> national economic activity moves online such that these kinds of
> problems end up negatively impacting national GDP, the problem will
> fix itself. Governments will step in, maybe the ITU will get
> involved to ensure that the bad guys can't escape. I hope I'm not
> around when that happens.
>
> jak

_______________________________________________
SAVA mailing list
http://www.nrc.tsinghua.edu.cn/mailman/listinfo/sava
_______________________________________________
Int-area mailing list
https://www1.ietf.org/mailman/listinfo/int-area