James Hess wrote: > For now.. with 1gigabit residential connections, BCP 38 OUGHT to be > Google's answer. If Google handles that properly, they _should_ > make it mandatory that all traffic from residential customers be > filtered, in all cases, in order to only forward packets with > their legitimately assigned or registry-issued publicly verifiable > IP prefix(es) in the IP source field. Must be mandatory even for > 'resellers', otherwise there's no point.
The amount of DOS that is spoofed today is by all reports significantly lower as percentage of overall DOS than it was in say 2000. BCP 38 is all fine and dandy, and you should implement it, but it's not going to stop the botnets. > And Google should provide _reasonable_ response to investigate manual > abuse reports to well-publicized points of contact which go directly > to a well-staffed dedicated abuse team, with authority and a clear and > expeditious resolution process, as a bare minimum, and in addition > to any and all automatic measures. > > > P.S. reasonable abuse response is not defined as a 4-day delayed > answer to a 'help, no contact addresses will answer me' post on nanog > (long after automated processes finally kicked in).. Reasonable > response to a continuous 1gigabit flood or 100 kilopacket flood > should be less than 12 hours. > > If they think things through carefully (rather than copy+paste > Google groups e-mail abuse management), it'll probably be alright > > -- > -J >
