
I was reading this question:

Why don't ISPs filter on source address to prevent spoofing?

and based on those answers, ISPs ignore it because of the overhead of checking for spoofing.

But that question is a bit old so I wanted to check if any development has been happening?

I just don't understand why it's so hard for ISPs to implement the first hops to check if the source IP is valid and record the IP given by the DHCP server for checking the validity of the IP? How can it be a big overhead?

For example, if someone starts spoofing a lot of IPs and does malicious activity like DDoS, will major ISPs detect it or they still don't check?

OneAndOnly
  • It is far easier to detect bandwidth anomalies than trying to determine what makes an IP valid. – schroeder Dec 29 '18 at 09:47
  • @schroeder so even major ISPs in the U.S. right now can't detect if a customer is doing malicious activities like DDoS by spoofing IPs? Also, why is it hard? Considering the first hop can read the DHCP response to the client, and save that IP and check it later, or am I wrong? – OneAndOnly Dec 29 '18 at 10:23

1 Answer


I first saw the original referenced question and answered there, but I'll copy/paste my answer here and add some more details to your additional questions:

ISPs should implement anti-spoofing. IETF's BCP38 (written in 2000!) describes a best practice for networks to do network filtering to reduce spoofing and thus prevent DDoS attacks, but unfortunately(?) there is no global authority which can force them to do so.

As others pointed out, the costs of implementing it may be a reason not to do so. Lower revenues could be an argument as well for some networks: not forwarding traffic means sending lower bills to customers, so it can be a business decision not to filter. Depending on the exact infrastructure and topology, it may not be as easy as you think to filter. For example, some equipment may not support it or may only support a limited number of access lists. Also, some networks have to deal with multiple layers of NAT due to a lack of publicly routable IPv4 addresses, and some networks have dynamic customers which roam through their networks or even use multiple networks as their upstreams. There are also many networks which do not implement DHCP (contrary to what you suggested in one of your comments). All of these things can make it really quite complex to implement proper anti-spoofing.

However, in the past few years a growing number of ISPs have pledged to implement the controls described in MANRS ("Mutually Agreed Norms for Routing Security"). One of the controls mentioned there is anti-spoofing. MANRS offers networks an extensive guide on implementing anti-spoofing in various ways in all kinds of setups with all sorts of equipment. Your claim that ISPs ignore it is not entirely correct (anymore). Just as MANRS has grown, many ISPs not pledging to follow MANRS did implement anti-spoofing measures since they realized they were part of the problem.

Although spoofing still poses problems, more and more networks implement controls because they do realize they need to be sure they're not part of the problem. However, I'm sure that there will always be a fair number of networks that will not follow MANRS for various reasons, and also that there is a small number of networks that are willingly not filtering as a business model (and thus attracting more and more abuse). The only way to solve that will be for all large (tier 1/2) networks to implement strict filtering, so that it becomes harder for these malicious networks to get their spoofed traffic routed across the internet.

Teun Vink
  • So which part of my proposition is wrong: why don't they make the first hops record the IP given by the DHCP server to the client, and when a client tries to send out a packet do a very simple source IP check? Considering these first hops don't generally have a lot of clients, why don't they just simply do this? – OneAndOnly Dec 29 '18 at 15:17
  • You're oversimplifying how large networks are designed. There is no one-size-fits-all solution as you seem to think. – Teun Vink Dec 29 '18 at 15:39
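As an added illustration of the BCP38-style ingress check the answer describes (not code from the answerer, MANRS, or any ISP): the access router accepts a packet only when its source falls inside a prefix provisioned on the port it arrived on, fails closed for unprovisioned ports, and counts drops per port so an operator can see where spoofed traffic originates. Interface names, prefixes and the traffic sample are constructed.

```python
from ipaddress import ip_address, ip_network
from collections import Counter

# Constructed example: prefixes legitimately delegated to the customer behind
# each access port (the "first hop" in the question). A real deployment would
# populate this from the provisioning/IPAM system, not from DHCP alone, since
# many networks do not hand out addresses via DHCP at all.
ALLOWED_PREFIXES = {
    "cust-port-1": [ip_network("203.0.113.0/24")],
    "cust-port-2": [ip_network("198.51.100.0/25"), ip_network("2001:db8:1::/48")],
}


def source_is_valid(iface, src):
    """BCP38 ingress check: accept only if src lies within a prefix assigned to
    the ingress interface. Unknown ports and unparseable addresses fail closed."""
    try:
        addr = ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_PREFIXES.get(iface, []))


def filter_packets(packets):
    """Apply the check to (iface, src) pairs. Returns the sources that would be
    forwarded and a per-interface count of dropped packets, which is the kind
    of anomaly signal an operator would alert on rather than inspect by hand."""
    forwarded = []
    dropped = Counter()
    for iface, src in packets:
        if source_is_valid(iface, src):
            forwarded.append(src)
        else:
            dropped[iface] += 1
    return forwarded, dropped


# Constructed traffic sample: two legitimate sources plus spoofed ones.
SAMPLE_PACKETS = [
    ("cust-port-1", "203.0.113.7"),
    ("cust-port-1", "198.51.100.9"),    # another customer's range: spoofed
    ("cust-port-1", "192.0.2.1"),       # not assigned on this port: spoofed
    ("cust-port-2", "198.51.100.200"),  # outside the delegated /25: spoofed
    ("cust-port-2", "2001:db8:1::42"),
    ("cust-port-9", "203.0.113.8"),     # unprovisioned port: fail closed
]

if __name__ == "__main__":
    fwd, drop = filter_packets(SAMPLE_PACKETS)
    print("forwarded:", fwd)
    print("dropped per interface:", dict(drop))
```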