[e2e] It's all my fault

Jeroen Massar jeroen at unfix.org
Sat May 12 09:02:27 PDT 2007

Randy Bush wrote:
> it would be considerably more helpful if, instead of ad homina and
> vituperation, you actually spoke to the rh0 security issues and possible
> approaches to mitigation as a technical and engineering problem.

Well, one of the main mitigation methods is very easy, and actually
already takes care that RH0 is useless: uRPF.

If all networks would properly implement BCP38 and thus do RPF checks,
packet bouncing would not be possible.

Unfortunately there are a lot of networks connected to the Internet who
are not following the Best Common Practices.

IMHO there should be an organization that keeps a close eye on Internet
providers, that is organizations who carry packets from A to B. Their
job would be to say "this organization is taking good care of their
network, they apply BCP38, they resolve problems in an adequate manner etc".

Then, as an operator who is following this organization one can sandbox
the organizations (read: prefixes/asn's) who are not belonging to this
and let them play on the toy Internet.

Then, when there is a mechanism similar to RH0, you can actually trust
your peers to resolve problems quickly, instead of having to wail
because finding the source of the problem is impossible and contacting
the right people to get it fixed is not possible either.

Of course, the first thing that one does is contact the upstream etc,
but as the upstream at a certain point is a transit they will say "we do
not know where it is coming from".

Nice issues: technical with a flake of politics.
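
Added example, not part of the original post: a sketch of the uRPF point made above, showing that a packet bounced by an RH0 waypoint still carries the original sender's source address, so a strict uRPF check on the edge interface facing the waypoint drops it, while a loose check (RFC 3704 definition: any route, default included) lets it through. The FIB, interface names, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed FIB of a provider edge router (documentation prefix, assumed names).
FIB = [
    ("2001:db8:a::/48", "cust0"),   # customer network hosting the RH0 waypoint
    ("2001:db8:b::/48", "cust1"),   # customer network of the final destination
    ("::/0", "upstream0"),          # default route towards transit
]

# Constructed packet: outside sender -> waypoint, one RH0 hop still to visit.
PKT = {"src": "2001:db8:f::1", "dst": "2001:db8:a::10",
       "rh0": ["2001:db8:b::20"], "segments_left": 1}

def lookup(addr, fib=FIB):
    """Longest-prefix match; returns the egress interface name or None."""
    ip, best = ipaddress.ip_address(addr), None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def rh0_forward(pkt):
    """RFC 2460 type 0 processing at a waypoint: swap dst with the next address."""
    addrs = list(pkt["rh0"])
    left = pkt["segments_left"] - 1
    i = len(addrs) - left - 1                  # 0-based index of the next hop
    new_dst, addrs[i] = addrs[i], pkt["dst"]
    # The source address is NOT rewritten: it is still the original sender's.
    return {"src": pkt["src"], "dst": new_dst, "rh0": addrs, "segments_left": left}

def urpf_accept(src, in_if, mode="strict", fib=FIB):
    """strict: best route to src must point out in_if; loose: any route exists."""
    route = lookup(src, fib)
    return route is not None if mode == "loose" else route == in_if

if __name__ == "__main__":
    bounced = rh0_forward(PKT)                 # leaves the waypoint via cust0
    for mode in ("strict", "loose"):
        ok = urpf_accept(bounced["src"], "cust0", mode)
        print(mode, "uRPF on cust0:", "accept" if ok else "drop",
              bounced["src"], "->", bounced["dst"])
    print("waypoint's own traffic accepted:", urpf_accept(PKT["dst"], "cust0"))
```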


