[162048] in North American Network Operators' Group
RE: BCP38 tester?
daemon@ATHENA.MIT.EDU (Frank Bulk \(iname.com\))
Mon Apr 1 14:52:12 2013
From: "Frank Bulk \(iname.com\)" <frnkblk@iname.com>
To: "'Jay Ashworth'" <jra@baylink.com>,
"NANOG" <nanog@nanog.org>
In-Reply-To: <10659463.391.1364783689622.JavaMail.root@benjamin.baylink.com>
Date: Mon, 1 Apr 2013 13:50:11 -0500
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
The good news is that source address spoofing does seem to fail with
most CPE's NAT.
At the end of the day, just turn on uRPF and/or use ACLs. It's amazing
how much destination 192.168.0.0/24 and 192.168.1.0/24 our ACLs also
block.
Frank
-----Original Message-----
From: Jay Ashworth [mailto:jra@baylink.com]
Sent: Sunday, March 31, 2013 9:35 PM
To: NANOG
Subject: Re: BCP38 tester?
----- Original Message -----
> From: "Alain Hebert" <ahebert@pubnix.net>
> An easy target would be anti-virus/trojan/security software
> providers that could add a BCP38 check to their software =D
Yes, but penetration is a problem, which is why I was thinking about
people like YouTube, Ookla, and the like.
Any Flash app that lots of people run frequently. Assuming those apps
could generate the packets, which, on reflection, I would bet they can't.
Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra@baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274