Comment Re:Yes, you do BCP38 spoof-dropping at source (Score 1) 312
Sure, but if you have 2 ISPs routing your traffic, you have 2 connections - ISP A doesn't manage traffic for ISP B - you probably have 2 lines in this circumstance (or what's the point of redundancy if it's all carried through the same wire), so each ISP can filter their own IP traffic and ignore any from the other ISP - in fact, the 2nd ISP won't even be seeing the 1st ISP's traffic.
It's only once that data gets to the common carrier level for routing over the wider internet that this kind of thing occurs - at that point it's too late, the dodgy packets have left the building and are now considered valid.
And again, if a customer is an ISP then they are the ones who should be egress filtering their traffic in the first place, anything else is just irresponsible and letting others do your dirty work (as best they can, which as we see, isn't the best).
I find it interesting that carriers will complain about traffic and try to charge companies like Netflix, yet won't do anything about ISPs that send them large amounts of spoofed SYN packets. Surely they should be asking for more money off ISPs who flood the upstream provider with such crap, then we might see them do something to prevent it!