On Jan 23, 2009, at 10:06 PM, David Conrad wrote:
Sad fact is that there are zillions of excuses. Unfortunately I
suspect the only way we're going to make any progress on this will
be for laws to be passed (or lawsuits to be filed) that impose a
financial penalty on ISPs through which these attacks propagate.
Yep, some external force is apparently necessary,
unfortunately.
We've been encouraging, and asking, and measuring intensely
for over a dozen years now, and the application of anti-
spoofing is still dismal < ~60%). I used to be sympathetic
to the arguments about infrastructure support, resources,
tools, etc.. I consider those argument no longer valid and
operators who don't implement ingress BCP 38 style filtering
remiss.
-danny
