nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: "Everyone should be deploying BCP 38! Wait, they are ...."

From: Jared Mauch <jared () puck nether net>
Date: Tue, 18 Feb 2014 14:22:13 -0500

On Feb 18, 2014, at 1:40 PM, Patrick W. Gilmore <patrick () ianai net> wrote:


Barry is a well respected security researcher. I'm surprised he posted this.

In his defense, he did it over a year ago (June 11, 2012). Maybe we should ask him about it. I'll do that now....


I'm not surprised in any regard.  There are too many names for BCP-38, SAV, SSAC-004, BCP-84, Ingress Filtering, etc..

There are many networks that perform this best practice either by "default" through NAT/firewalls or by explicit 
configuration of the devices.

There are many networks that one will never be able to measure nor audit as well, but that doesn't mean we shouldn't 
continue to work on tracking back spoofed packets and reporting the attacks, and securing devices.

- Jared
Previous By Date Next
Previous By Thread Next

Current thread: