On Fri, 8 Jun 2001, Young, Beth A. wrote:

> OK, enough rambling but I don't see that a public ISP will be any different
> than this state run ISP.  The end users are responsible for their actions.
> As a state entity, we have a slight advantage in that we can do end user
> education on a regular basis but that doesn't seem to make a difference....

You wouldn't accept BGP routes from them advertising entities outside of
their scope of responsibility; accepting sourced traffic under the same
provisions isn't a big leap.

You wouldn't let them put in CSU/DSUs that locked the one at your end of
the circuit; allowing them to connect routers that don't protect your
backbone isn't a big leap.

There is absolutely no legitimate reason for any ISP to let a customer
generate packets sourced from anything other than (a) their address space
or (b) a multicast group.

Connectivity requirements are fairly easy, just like not accepting IPX or
AT from the customer is pretty easy.

Service providers could *easily* mandate this for connectivity.

I'd be willing to try to dig up the code to re-spin up our anti-spoofing
test tool if we could get the bulk of providers to mandate this as a
connectivity requirement; then providers could get customers to prove
they'd filtered correctly.

Paul  
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
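
Added example, not part of the original message and not the test tool it mentions: a provider-side audit of the source-address rule, covering only case (a), customer address space, and leaving multicast handling out. The port names, prefixes and flow-record format are constructed for illustration, and an unknown customer port is treated as having no valid sources.

```python
import ipaddress
from collections import defaultdict

# Constructed customer-port assignments (documentation prefixes only).
ASSIGNMENTS = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}

# Constructed flow records: "<customer port> <source> <destination>"
SAMPLE_FLOWS = """\
cust-a 192.0.2.10 203.0.113.5
cust-a 192.0.2.200 203.0.113.5
cust-a 2001:db8:a:1::7 2001:db8:ffff::1
cust-b 198.51.100.77 203.0.113.9
cust-b 10.1.2.3 203.0.113.9
cust-b 192.0.2.10 203.0.113.9
cust-c 203.0.113.50 192.0.2.1
not-a-flow-record
"""

def build_table(assignments):
    """Parse prefix strings once so each lookup is a cheap containment test."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assignments.items()}

def source_allowed(table, port, src):
    """True only if src lies inside a prefix assigned to this customer port."""
    addr = ipaddress.ip_address(src)  # raises ValueError on a malformed address
    return any(addr.version == net.version and addr in net
               for net in table.get(port, []))  # unknown port: nothing is valid

def audit(table, flow_text):
    """Return (violations by port, unparsable lines) for a block of flow records."""
    violations, unparsed = defaultdict(list), []
    for line in flow_text.splitlines():
        try:
            port, src, _dst = line.split()
            ok = source_allowed(table, port, src)
        except ValueError:  # wrong field count or bad address
            unparsed.append(line)
            continue
        if not ok:
            violations[port].append(src)
    return dict(violations), unparsed

if __name__ == "__main__":
    bad, junk = audit(build_table(ASSIGNMENTS), SAMPLE_FLOWS)
    for port, sources in sorted(bad.items()):
        print(f"{port}: sources outside assigned space: {', '.join(sources)}")
    print(f"unparsable records: {junk}")
```

Note that 192.0.2.10 is valid on cust-a but flagged on cust-b: the check is per customer port, not against the provider's address space as a whole.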
