North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Yahoo! Lessons Learned
Daniel Senie <[email protected]> wrote: > While implementing these measures may not directly benefit your network, > doing so may thwart an attack against someone else's net. Tomorrow, the > roles could be reversed. As with many areas of managing the Internet, > cooperation is key. Yep. Actually, tier-1 ISPs can write the requirement for reverse-path source IP address verification on customer access circuits into their peering agreements. An enforcement can take a form of penalties per verified incident of forged source address attack originating in peer's network. (The adversarial IP perfix filtering was needed to institute such prefix-reduction policies as aggregation and address allocation out of ISP blocks. I remember that purely voluntary efforts were pretty much derailed by negligience of some ISPs (why AS 174 comes to the mind? :) I do not expect reverse path filtering to be any different in terms of deployment problems.) --vadim
|