[161743] in North American Network Operators' Group
Re: BCP38 - Internet Death Penalty
daemon@ATHENA.MIT.EDU (Darius Jahandarie)
Tue Mar 26 11:31:46 2013
In-Reply-To: <43218.1364310365@turing-police.cc.vt.edu>
From: Darius Jahandarie <djahandarie@gmail.com>
Date: Tue, 26 Mar 2013 11:19:36 -0400
To: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
(Mobile device)
On Mar 26, 2013, at 11:06 AM, Valdis.Kletnieks@vt.edu wrote:
> On Tue, 26 Mar 2013 10:51:45 -0400, Jay Ashworth said:
>
>> Do we need to define a flag day, say one year hence, and start making the
>> sales pitch to our Corporate Overlords that we need to apply the IDP to
>> edge connections which cannot prove they've implemented BCP38 (or at very
>> least, the source address spoofing provisions thereof)?
>
> How would one prove this? (In particular, consider the test "have them
> download the spoofer code from SAIL and run it" - I'm positive there will
> be sites that will put in a /32 block for the test machine so it "fails"
> to spoof but leave it open for the rest of the net).
Well, I'm not sure this is what's being suggested by Jay, but many peering agreements/policies have something in them that say "prevent spoofing to best effort". Such statements could be strengthened in a global effort, and then spoofed source addresses could lead to depeering much faster/harder than what happens today. It would be reactionary rather than proactive, but still better than what we have now where spoofing is kind of like "it can't be helped".
-- 
Darius Jahandarie