North American Network Operators Group

RE: Who does source address validation? (was Re: what's that smell?)
> > 2. Spoof filtering.
> > 3. Better tools to mitigate DOS/DDOS attacks. The technology exists
> > for say, cable providers to reduce port scans and DOS type attacks.
>
> I would happily kick anyone doing anything that is conclusively abusive
> off the net. But access providers aren't going to do this because it costs
> them money. Being a good netizen doesn't do them any good. I'm reminded of
> the two guys walking over the Serengeti, and they spot a lion. One guy
> bends down to tie his shoe laces, and the other says: what are you doing,
> you can't outrun a lion! The first guy says: I don't have to, as long as I
> can outrun you. People aren't in any hurry to protect the common good,
> they just want to keep one step ahead of those who get in trouble for not
> doing enough.

I guess you are describing the result of the bean counters' vision of an Ideal World colliding with the engineer's concept of poor technical practice. I can't buy the above reasoning, though, for two reasons.

First, I just don't think there are bean counters clueful enough to sit around calculating return-on-investment (or lack thereof) on source-address filtering. And insofar as that is true, it is a mighty good thing, as it prolongs the time when engineering practice is still within the purview of engineers.

Second, I think there are still enough people around who remember how Agis was hounded out of business for being spam-friendly. Nobody wants the same thing to happen to them, and to avoid it, will avoid even the perception of irresponsible operation.