Re: "Everyone should be deploying BCP 38! Wait, they are ...."

["Patrick W. Gilmore" <patrick () ianai net>]

Barry is a well respected security researcher. I'm surprised he posted this.

In his defense, he did it over a year ago (June 11, 2012). Maybe we should ask him about it. I'll do that now....

-- 
TTFN,
patrick

On Feb 18, 2014, at 13:31 , Dave Bell <me () geordish org> wrote:

> That article is terrible.
>
> Looking at the stats provided, only 2582 unique AS's were tested.
> http://www.cidr-report.org/as2.0/#General_Status has over 46k AS's
> currently in the routing table.
>
> This means they have tested around 5% of the AS's on the Internet.
>
> Dave
>
>
> On 18 February 2014 17:20, Jay Ashworth <jra () baylink com> wrote:
>
> > Here's a piece which uses the MIT ANA data to assert that the job is
> > mostly done already.
> >
> > Unless I'm very much mistaken, it appears that a large percentage of the
> > failed BCP 38 spoofing tests listed in that data are actually due to
> > customer side NAT routers dropping packets...
> >
> > which is of course egress filtering rather than ingress filtering, and
> > thus doesn't actually apply to our questions.
> >
> > Am I interpreting that correctly?
> >
> > http://www.senki.org/everyone-should-be-deploying-bcp-38-wait-they-are/
> >
> > (Oh, and bcp38.info is now the number 2 Ghit for "bcp38"; thanks to 5 new
> > contributors for signing up to help so far this week.)
> >
> > Cheers,
> > - jra
> > --
> > Sent from my Android phone with K-9 Mail. Please excuse my brevity.