[AusNOG] MANRS Project - Fixing the Internet's routing security is urgent and requires collaboration
Mark Andrews
marka at isc.org
Mon Feb 29 16:33:25 EST 2016
In message <7C2274AD-8A9C-4BB3-8506-FF5F161EC147 at arbor.net>, "Roland Dobbins" w
rites:
> On 29 Feb 2016, at 10:07, Paul Wilkins wrote:
>
> > It's not very likely an optional code for US ISP's will have much
> > impact
> > down the Australian end of the internet.
>
> It isn't restricted to US ISPs - any operator is free to sign up for
> MANRS.
>
> > Would be very straight forward for the Federal Government to mandate
> > that all local ISPs implement source IP verification.
>
> It isn't that simple. There are lot of technical barriers (older
> equipment, topological scenarios which complicate matters, etc.) to be
> overcome. I'm a major advocate of universal source-address validation,
> but it can't be accomplished instantaneously, and without costs (both
> capex and opex).
BCP 38 (RFC 2827) was publish in 2000. That is 16 years to phase
in hardware that is capable of doing source address validation. At
this stage it needs the stick not the carrot.
It's time to stop accepting excuses. It's time to start fining
operators that don't filter spoofed traffic.
> A phased transition to mandatory source-address validation specifically
> on access networks - e.g., IDC networks and broadband access networks -
> would be something to consider.
>
> But it's far better for operators to do this on their own stick, rather
> than waiting for un-nuanced governmental regulations to be promulgated.
So 16 years is not enough time for them to do the right thing?
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the AusNOG
mailing list