Leo, On Mar 28, 2012, at 8:13 AM, Leo Bicknell wrote: >> #1) Money. >> #2) Laziness.
> While Patrick is spot on, there is a third issue which is related > to money and laziness, but also has some unique aspects. > > BCP38 makes the assumption that the ISP does some "configuration" > to insure only properly sourced packets enter the network. That > may have been true when BCP38 was written, but no longer accurately > reflects how networks are built and operated. An interesting assertion. I haven't looked at how end-user networks are built recently. I had assumed there continue to be customer aggregation points within ISP infrastructure in which BCP38-type filtering could occur. You're saying this is no longer the case? What has replaced it? > BCP38 needs > to be applied at the OEM level in equipment maufacturing, not at > the operational level with ISP's. I don't believe this is either/or. I agree that BCP38 features should be turned on by default in CPE, however I believe it really needs to be enforced at the ISP level. > As long as folks keep beating on (consumer) ISPs to implement BCP38, nothing > will happen. Optimist. Actually, given the uptick in spoofing-based DoS attacks, the ease in which such attacks can be generated, recent high profile targets of said attacks, and the full-on money pumping freakout about anything with "cyber-" tacked on the front, I suspect a likely outcome will be proposals for legislation forcing ISPs to do something like BCP38. Regards, -drc
