IP: Re: Recent Internet Attacks and Critical Infrastructure Protection

[Dave Farber <farber@cis.upenn.edu>]

>To: farber@cis.upenn.edu
>Subject: Re: IP: Recent Internet Attacks and Critical Infrastructure 
>Protection
>From: "Perry E. Metzger" <perry@piermont.com>
>Date: 11 Feb 2000 18:14:28 -0500
>
>
>
>BTW, re: the recent spate of Internet attacks:
>
>A core problem no one is talking about is the continuing negligence of
>many, if not most, ISPs in deploying ingress filtering to block
>packets with forged source addresses as they enter the network.
>
>Were it not for this negligence, attempts at flood based attacks would
>be trivial to trace to their sources and would be easily
>blocked. Because ISPs frequently do not do the needed filtering,
>however, it is easy to inject packets with forged source addresses
>into the network. None of the attacks of the last few days would have
>been practical if the subverted systems used to launch the attacks had
>been behind such ingress filters.
>
>Since ingress filtering is done only on the periphery of a network, it
>is actually quite practical for an ISP to do -- large scale backbone
>routers need not be involved, and even fairly high bandwidth clients
>can be filtered with equipment available today.
>
>Given the current trends at ISPs, I am fearful that the only thing
>that will get this situation to change in the near term is a spate of
>negligence lawsuits by large companies aimed at ISPs that fail to
>filter their customer networks, resulting in successful attacks from
>said networks. An argument could be made that ISPs have a reasonable
>duty to block forged traffic, given how much harm it can cause in the
>network. I hate to see "social change through lawsuits" because once
>the lawyers are launched there often are no recall codes, but I don't
>see what else will work at this point.
>
>Perry