North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re[2]: New Denial of Service Attack on Panix
from the quill of "Kent W. England" <[email protected]> on scroll <[email protected]> > We need a general consensus in order for any one of us to justify the > effort > required to install source address filters. That means that > representatives > from major backbone ISPs must announce that they will install filters > (not > at the MAEs) in response to this new threat and that they expect that > their > peers will too. I'm not one of those major backbone ISP network > engineers, but I would hope that for the sake of all of us, that those > who > are will roll their eyes heavenward, take a deep breath, and do what > needs > to be done. I know it's easy for me to say, but nevertheless ... If the backbones agree that this is what needs doing, then perhaps a financial penalty should be levied against upstream sites that have allowed forged addresses to enter the backbone networks. Whenever one of these forgers needs to be tracked one almost certainly needs to cross at least one backbone provider to do the tracing. One will eventually find the backbone provider providing service to the 1st tier ISP, which may lead to a second tier ISP and so on. If the time spent to find the 1st tier ISP were charged back to that ISP he would certainly be able to justify the cost of the filtering. That first tier has the option to pass the cost on to it's offending customer. Which also gives incentive to find the next hop from where the packets are coming. I hate financial penalties as much as the next guy, but when facing somebody whose excuse for ignoring the requirement is cost, make the apathy a cost as well. b. -- Brian J. Murrell [email protected] BCTel Advanced Communications [email protected] Vancouver, B.C. [email protected] 604 454 5279 - - - - - - - - - - - - - - - - -
|