nanog mailing list archives
Re: "Everyone should be deploying BCP 38! Wait, they are ...."
From: Tony Tauber <ttauber () 1-4-5 net>
Date: Tue, 18 Feb 2014 16:52:04 -0500
I agree that Barry's post can be read in misleading ways and I seem to recall chatting about that with him at some point. As to one poster's comment about random sampling, I'm pretty sure the Spoofer project likely fell short in a number of ways (e.g. being documented in not every language). So, if NATs prevent (many? most?) end-user machines for being able inject spoofed IPv4 source addresses (IPv6 home gateways may well not provide such protection), maybe we should conclude that most of the spoofing is coming from somewhere else; perhaps including colo and cloud providers. I wonder how many users/admins of those kinds of machines ran the Spoofer test SW. Tony On Tue, Feb 18, 2014 at 2:22 PM, Jared Mauch <jared () puck nether net> wrote:
On Feb 18, 2014, at 1:40 PM, Patrick W. Gilmore <patrick () ianai net> wrote:Barry is a well respected security researcher. I'm surprised he postedthis.In his defense, he did it over a year ago (June 11, 2012). Maybe weshould ask him about it. I'll do that now.... I'm not surprised in any regard. There are too many names for BCP-38, SAV, SSAC-004, BCP-84, Ingress Filtering, etc.. There are many networks that perform this best practice either by "default" through NAT/firewalls or by explicit configuration of the devices. There are many networks that one will never be able to measure nor audit as well, but that doesn't mean we shouldn't continue to work on tracking back spoofed packets and reporting the attacks, and securing devices. - Jared
Current thread:
- "Everyone should be deploying BCP 38! Wait, they are …." Jay Ashworth (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Dave Bell (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Patrick W. Gilmore (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Jared Mauch (Feb 18)
- Changing the way we talk about BCP38 [Was: Re: "Everyone should be deploying BCP 38! Wait, they are ...."] Paul Ferguson (Feb 18)
- Re: Changing the way we talk about BCP38 [Was: Re: "Everyone should be deploying BCP 38! Wait, they are ...."] Dobbins, Roland (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Tony Tauber (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Dobbins, Roland (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Patrick W. Gilmore (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Dave Bell (Feb 18)
- <Possible follow-ups>
- Re: "Everyone should be deploying BCP 38! Wait, they are …." Larry Sheldon (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." James Milko (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Robert Drake (Feb 18)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Jay Ashworth (Feb 18)
- RE: "Everyone should be deploying BCP 38! Wait, they are ...." Adam Vitkovsky (Feb 20)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." Jay Ashworth (Feb 20)
- Re: "Everyone should be deploying BCP 38! Wait, they are ...." James Milko (Feb 18)