On Wed, 28 Mar 2012, Bingyang LIU wrote:
the provider may not be able to protect its customers, because ingress
filtering (including uRPF) is inefficient when done near the
destination. In other words, an ISP can deploy BCP38 or whatever, but
still cannot well protect its customers from spoofing attacks from
other ASes.

The ASes which enable spoofing need to have some penalty imposed or they will never engage in correct behavior.

Something like throwing all their traffic into scavenger class.

If their customers start complaining to them, maybe then they will shape up.

-Dan

Reply via email to