[161998] in North American Network Operators' Group
Re: BCP38 tester?
daemon@ATHENA.MIT.EDU (Jason Lixfeld)
Sun Mar 31 21:36:19 2013
From: Jason Lixfeld <jason@lixfeld.ca>
In-Reply-To: <28787874.307.1364741335939.JavaMail.root@benjamin.baylink.com>
Date: Sun, 31 Mar 2013 21:36:03 -0400
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 2013-03-31, at 10:48 AM, Jay Ashworth <jra@baylink.com> wrote:
> Is there a program which users can run on an end-site workstation =
which
> would test whether they are being some link which is doing BCP38, or =
some
> related type of source-address ingress filtering?
>=20
> I'm hoping for something that could be downloaded by users and run, =
and
> try to forge a few packets to somewhere useful, which could be logged=20=
> somehow in conjunction with some unforged packets containing a =
traceroute,=20
> so we could build up a database of leaky networks.
>=20
> On a related topic, while I know GRC Research's Steve Gibson is a bit =
of
> a polarizing personality, he does have a fairly sizable consumer =
audience,
> and might be a great distribution venue for such a thing.
>=20
> Or, perhaps, is there someone on here from Ookla?
>=20
> Patrick? Could Akamai be persuaded to take an interest in this as a=20=
> research project?
=46rom my perspective, 99% of end-users probably don't understand (or =
care) that their provider might be responsible for initiating or =
precipitating a DDoS attacks, period. Most network operators are =
probably either too inexperienced to understand or too lazy to care.
I believe that most everyone has a CPE of some sort, whether their =
service is resi or commercial. So, what about shifting the focus to the =
CPE manufacturers? They bend to technology and/or market pressures by =
bringing things like NAT, Firewalls, DLNA, UPnP, IPv6 (heh), PPPoE, =
RFC1483, etc. to their respective products in to satisfy technology =
limitations or security concerns or whatever. Why can't they help the =
cause by implementing some sort of RFC'ified BCP38 thing?=
