nanog mailing list archives

Re: Whither Cometh BCP38?

From: Jay Ashworth <jra () baylink com>
Date: Mon, 11 Jun 2012 12:09:18 -0400 (EDT)

----- Original Message -----

From: "Roland Dobbins" <rdobbins () arbor net>

On Jun 11, 2012, at 10:13 PM, Jay Ashworth wrote:

Or are spoofed-source-address attacks not, as Vix suggests,
significant and trending upwards?


They're enjoying a renaissance because of attackers leveraging
spoofing in order to enable DNS, SNMP, and ntp
reflection/amplification DDoS attacks.


Ok, so your comment confirms that there's still a problem, and Mikael's,
that the tools to stop it from actually being a problem can *reasonably* 
be expected to be in place in a reasonably large number of places where
they're needed.

So, are the knobs actually on?  (I'm guessing "clearly, not")

Why?

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

Current thread:

Whither Cometh BCP38? Jay Ashworth (Jun 11)
- Re: Whither Cometh BCP38? Dobbins, Roland (Jun 11)
  - Re: Whither Cometh BCP38? Jay Ashworth (Jun 11)
    - Re: Whither Cometh BCP38? Dobbins, Roland (Jun 11)
    - RE: Whither Cometh BCP38? Matlock, Kenneth L (Jun 11)
- Re: Whither Cometh BCP38? Mikael Abrahamsson (Jun 11)
  - Re: Whither Cometh BCP38? Justin M. Streiner (Jun 13)
- RE: Whither Cometh BCP38? Ronald Bonica (Jun 11)