North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BCP38 dismissal

  • From: Jo Rhett
  • Date: Thu Sep 11 03:47:17 2008
On Sep 7, 2008, at 12:18 AM, Randy Bush wrote: 
normally i would have just hit delete.  but your ad hominem attack on
the messenger need a response.

the reality of life is that he is correct in that "attack traffic comes
from legitimate IP sources anyway."

therefore, your first duty should be to keep your hosts from joining the
massive army of botnets.


Having no hosts, I can't do much about that other than use various good best practices (including BCP38), run ids units looking for compromised hosts, and respond quickly to each abuse report if my IDS doesn't observe it first.

Given that I know of no provider larger than us using BCP38 on every port, and no other provider larger than us that responds to every abuse report, it would appear that we are top of the class in that aspect.

Therefore, when someone says "I don't need to do BCP38" because BCP38 doesn't cause problems for them, I consider them a jerk. And yeah, I feel pretty confident looking down my nose at someone like that.

--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other randomness