Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: router worms and International Infrastructure

  • From: Pekka Savola
  • Date: Wed Sep 21 05:54:29 2005 
On Tue, 20 Sep 2005 Valdis.Kletnieks@vt.edu wrote:

On Tue, 20 Sep 2005 08:44:33 +0200, Gadi Evron said:


Whatever gets done and re-done is local, whether by ISP or country and
there is almost nothing getting done to treat this as a global, macro
problem, and actually put in measures to combat it.

RFC2827 came out in May 2000.

Based on its deployment history, where providers just have to act locally,
I suspect that a requirement that providers act globally will result in either:
Well.. it could be worse, according to the results in http://spoofer.csail.mit.edu/, at least by some metrics, about 2/3 or 3/4 of networks are unspoofable. That's already pretty good improvement..

FWIW, here in Finland the regulatory body is mandating certain amount of spoofing prevention and other things. Transit providers (to whatever definition of 'transit') could maybe also be a bit more strict on what they accept from downstream..

Btw. Juniper's Feasible Path uRPF (mentioned in RFC3704) is your friend, even on multihomed/asymmetric links.

--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings



Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.