nanog mailing list archives
Re: Request for comment -- BCP38
From: Paul Ferguson <fergdawgster () mykolab com>
Date: Mon, 26 Sep 2016 07:58:39 -0700
On Sep 26, 2016, at 7:47 AM, Stephen Satchell <list () satchell net> wrote: On 09/26/2016 07:11 AM, Paul Ferguson wrote:No -- BCP38 only prescribes filtering outbound to ensure that no packets leave your network with IP source addresses which are not from within your legitimate allocation.So, to beat that horse to a fare-thee-well, to be BCP38 compliant I need, on every interface sending packets out to the internet, to block any source address matching a subnet in the BOGON list OR not matching any of my routeable network subnets? Plus add null-route entries for all the BOGONs in my routing table so I don't send a bad destination packet to my upstream?
BCP38 only provides for disallowing spoofed packets into the Internet. Any additional filtering against bosons, etc., are probably a good idea, just not including specifically in BCP38. - ferg — Paul Ferguson ICEBRG.io Seattle, Washington, USA
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Current thread:
- Re: Request for comment -- BCP38, (continued)
- Re: Request for comment -- BCP38 John Levine (Sep 26)
- Re: Request for comment -- BCP38 Mike Hammett (Sep 26)
- Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
- Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
- Re: Request for comment -- BCP38 Mike Hammett (Sep 26)
- Message not available
- Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
- Re: Request for comment -- BCP38 John R. Levine (Sep 26)
- Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
- Re: Request for comment -- BCP38 Elmar K. Bins (Sep 26)
- Re: Request for comment -- BCP38 Paul Ferguson (Sep 26)
- Re: Request for comment -- BCP38 Hugo Slabbert (Sep 26)
- Re: Request for comment -- BCP38 Seth Mattinen (Sep 26)