<html><head><meta http-equiv="Content-Type" content="text/html charset=gb2312"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">How about source validation on open resolvers themselves? which means all open resolvers only serve it’s local users.<div class=""><br class=""></div><div class=""><div><blockquote type="cite" class=""><div class="">在 2015年12月21日,09:25,Joe Abley <<a href="mailto:jabley@hopcount.ca" class="">jabley@hopcount.ca</a>> 写道:</div><br class="Apple-interchange-newline"><div class=""><div class="">Hi there,<br class=""><br class="">On Dec 20, 2015, at 20:10, Yonghua Peng <<a href="mailto:pyh@cloud-china.org" class="">pyh@cloud-china.org</a>> wrote:<br class=""><br class=""><blockquote type="cite" class="">BCP 38 is nice, but it's a passive way of defense against DDoS.<br class=""></blockquote><br class="">I presume what you mean is that it's an absolute defence against<br class="">attacks that rely upon being able to spoof source addresses.<br class=""><br class="">The trouble with BCP 38 is not its utility, but the fact that to date<br class="">nobody has found a reliable way to motivate everybody to deploy it,<br class="">for operationally-sufficient values of "everybody".<br class=""><br class=""><blockquote type="cite" class="">There is a Chinese old saying, 靠人不如靠己.<br class=""></blockquote><br class="">You can lead a horse to water, but maybe it didn't come from where you<br class="">thought it did and quite possibly it's not even a horse.<br class=""><br class=""><br class="">Joe<br class=""><br class="">_______________________________________________<br class="">dns-operations mailing list<br class=""><a href="mailto:dns-operations@lists.dns-oarc.net" class="">dns-operations@lists.dns-oarc.net</a><br class="">https://lists.dns-oarc.net/mailman/listinfo/dns-operations<br class="">dns-jobs mailing list<br class="">https://lists.dns-oarc.net/mailman/listinfo/dns-jobs</div></div></blockquote></div><br class=""><div apple-content-edited="true" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">------------------------------</div><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Davey Song(宋林健)<br class="">BII Lab<br class=""><a href="mailto:songlinjian@gmail.com" class="">songlinjian@gmail.com</a><br class=""><br class=""></div></div>
</div>
<br class=""></div></body></html>