On Thu, 11 Jul 2002, Kurt Erik Lindqvist wrote:
--On Thursday, July 11, 2002 11:23:59 +0000 Christopher Sharp <ripe-lir-wg@chriss.net> wrote:
On Thu, 11 Jul 2002 11:31:57 +0200, Kurt Erik Lindqvist <kurtis@kurtis.pp.se> wrote:
On a side note - can we also get those major ISPs to filter packets received from their customers based on the from address?
You could try :-)
The argument I normally hear is that people want to be lenient to customers but tough on outsiders. Hence bogon filters invariably get placed on ingress peering points rather than customer interfaces of which there are far more.
Interesting thing is that I am pretty sure that those large ISPs abuse groups are probaly more busy with dealing with the effects of not filtering customers, than their NOCs are with dealing with the effects from not filtering bogon routes...
In addition, I fail to see what _leniency_ here is. If the ISP doesn't do ingress filtering from the direction of the customer, it will be done somewhere in the internet anyway. Is it not _better_ for the customer to get the block immediately (e.g. in the case of misconfigured addresses), rather than have to wait for someone distant to do it. They won't be getting return packets _anyway_... -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords