nanog mailing list archives
Changing the way we talk about BCP38 [Was: Re: "Everyone should be deploying BCP 38! Wait, they are ...."]
From: Paul Ferguson <fergdawgster () mykolab com>
Date: Tue, 18 Feb 2014 11:43:25 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Below: On 2/18/2014 11:22 AM, Jared Mauch wrote:
On Feb 18, 2014, at 1:40 PM, Patrick W. Gilmore <patrick () ianai net> wrote:Barry is a well respected security researcher. I'm surprised he posted this. In his defense, he did it over a year ago (June 11, 2012). Maybe we should ask him about it. I'll do that now....I'm not surprised in any regard. There are too many names for BCP-38, SAV, SSAC-004, BCP-84, Ingress Filtering, etc..
This is why I am now using the phrase "anti-spoofing" when talking about this in public. It far less cryptic, and I am breaking into bite-sized components that people can actually understand. As engineers & technical people, we need to start using language people can wrap their brains around easily. Remember: We are living in the age of instant gratification and Attention Deficit Disorder. :-) - - ferg
There are many networks that perform this best practice either by "default" through NAT/firewalls or by explicit configuration of the devices. There are many networks that one will never be able to measure nor audit as well, but that doesn't mean we shouldn't continue to work on tracking back spoofed packets and reporting the attacks, and securing devices. - Jared
- -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlMDt90ACgkQKJasdVTchbIBrwD/YyUeK4SvS6grQdarKnoJiZXD 2YoTf+lRXpXnkSTPUdUA/3TH8jnXNx6DkOw9nkbVIi6Ek8ehTLUPpDPBe0oELQj4 =Cf2C -----END PGP SIGNATURE-----
Current thread:
- "Everyone should be deploying BCP 38! Wait, they are …." Jay Ashworth (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Dave Bell (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Patrick W. Gilmore (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Jared Mauch (Feb 18)
- Changing the way we talk about BCP38 [Was: Re: "Everyone should be deploying BCP 38! Wait, they are ...."] Paul Ferguson (Feb 18)
- Re: Changing the way we talk about BCP38 [Was: Re: "Everyone should be deploying BCP 38! Wait, they are ...."] Dobbins, Roland (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Tony Tauber (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Dobbins, Roland (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Patrick W. Gilmore (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Dave Bell (Feb 18)
- <Possible follow-ups>
- Re: "Everyone should be deploying BCP 38! Wait, they are …." Larry Sheldon (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." James Milko (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Robert Drake (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Jay Ashworth (Feb 18)
- RE: "Everyone should be deploying BCP 38! Wait, they are ...." Adam Vitkovsky (Feb 20)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Jay Ashworth (Feb 20)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." James Milko (Feb 18)