[169181] in North American Network Operators' Group
Re: "Everyone should be deploying BCP 38! Wait, they are ...."
daemon@ATHENA.MIT.EDU (Patrick W. Gilmore)
Tue Feb 18 13:41:29 2014
From: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <CACXVQYDHs-2efi+PGShSNEP96U5EeyYBPLDtzbgh2SYxF2XGUg@mail.gmail.com>
Date: Tue, 18 Feb 2014 13:40:52 -0500
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Barry is a well respected security researcher. I'm surprised he posted =
this.
In his defense, he did it over a year ago (June 11, 2012). Maybe we =
should ask him about it. I'll do that now....
--=20
TTFN,
patrick
On Feb 18, 2014, at 13:31 , Dave Bell <me@geordish.org> wrote:
> That article is terrible.
>=20
> Looking at the stats provided, only 2582 unique AS's were tested.
> http://www.cidr-report.org/as2.0/#General_Status has over 46k AS's
> currently in the routing table.
>=20
> This means they have tested around 5% of the AS's on the Internet.
>=20
> Dave
>=20
>=20
> On 18 February 2014 17:20, Jay Ashworth <jra@baylink.com> wrote:
>=20
>> Here's a piece which uses the MIT ANA data to assert that the job is
>> mostly done already.
>>=20
>> Unless I'm very much mistaken, it appears that a large percentage of =
the
>> failed BCP 38 spoofing tests listed in that data are actually due to
>> customer side NAT routers dropping packets...
>>=20
>> which is of course egress filtering rather than ingress filtering, =
and
>> thus doesn't actually apply to our questions.
>>=20
>> Am I interpreting that correctly?
>>=20
>> =
http://www.senki.org/everyone-should-be-deploying-bcp-38-wait-they-are/
>>=20
>> (Oh, and bcp38.info is now the number 2 Ghit for "bcp38"; thanks to 5 =
new
>> contributors for signing up to help so far this week.)
>>=20
>> Cheers,
>> - jra
>> --
>> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>>=20
>=20
