North American Network Operators Group


Re: an effect of ignoring BCP38

  • From: Valdis . Kletnieks
  • Date: Mon Sep 08 11:48:01 2008

On Sat, 06 Sep 2008 06:49:05 PDT, k claffy said:
> 
> do that many networks really allow spoofing?  i used
> to think so, based on hearsay, but rob beverly's
> http://spoofer.csail.mit.edu/summary.php suggests
> things are a lot better than they used to be, arbor's
> last survey echoes same.  are rob's numbers inconsistent
> with numbers anyone else believes to be true?

You can easily have a network configuration where 95% of the networks
do very stringent BCP38 on their customer-facing connections, but the
spoofing sources are carefully chosen to be within the 5% of places that
aren't filtering...

Plus, there's nothing that says that a network can't do BCP38 on 99.998%
of its ports, but have a punchout for the 3 or 4 ports that need it for
network monitoring/research.  So a network could be reported as "non-spoofable"
to the MIT project, *and* still provide a sensor machine for the reverse
path project...
