(Mobile device) On Mar 26, 2013, at 11:06 AM, valdis.kletni...@vt.edu wrote:
> On Tue, 26 Mar 2013 10:51:45 -0400, Jay Ashworth said:
>
>> Do we need to define a flag day, say one year hence, and start making the
>> sales pitch to our Corporate Overlords that we need to apply the IDP to
>> edge connections which cannot prove they've implemented BCP38 (or at very
>> least, the source address spoofing provisions thereof)?
>
> How would one prove this? (In particular, consider the test "have them
> download the spoofer code from SAIL and run it" - I'm positive there will
> be sites that will put in a /32 block for the test machine so it "fails"
> to spoof but leave it open for the rest of the net).

Well, I'm not sure this is what's being suggested by Jay, but many peering agreements/policies have something in them that says "prevent spoofing to best effort". Such statements could be strengthened in a global effort, and then spoofed source addresses could lead to depeering much faster/harder than what happens today.

It would be reactionary rather than proactive, but still better than what we have now where spoofing is kind of like "it can't be helped".

--
Darius Jahandarie