[168243] in North American Network Operators' Group

Re: OpenNTPProject.org

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Thu Jan 16 09:31:05 2014

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG mailing list <nanog@nanog.org>
Date: Thu, 16 Jan 2014 14:30:35 +0000
In-Reply-To: <20140114170513.GA26030@pob.ytti.fi>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jan 15, 2014, at 12:05 AM, Saku Ytti <saku@ytti.fi> wrote:

> (We do BCP38 on all ports and verify programmatically, but I know it's not at all practical solution globally for access).

Anti-spoofing is eminently practical for most types of access network topologies using even slightly modern equipment; uRPF, ACLs, cable IP source verify, DHCP Snooping (which works just fine with fixed-address hosts), PACLs/VACLs, et al. are some of the more prevalent mechanisms available.

In point of fact, anti-spoofing is most useful and most practical at the access-network edge, or as close to it as possible.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton


