[169185] in North American Network Operators' Group
Re: "Everyone should be deploying BCP 38! Wait, they are ...."
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Feb 18 14:23:09 2014
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <72A422C9-40BE-4F19-A61F-70229C20D56D@ianai.net>
Date: Tue, 18 Feb 2014 14:22:13 -0500
To: Patrick Gilmore <patrick@ianai.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Feb 18, 2014, at 1:40 PM, Patrick W. Gilmore <patrick@ianai.net> =
wrote:
> Barry is a well respected security researcher. I'm surprised he posted =
this.
>=20
> In his defense, he did it over a year ago (June 11, 2012). Maybe we =
should ask him about it. I'll do that now....
I'm not surprised in any regard. There are too many names for BCP-38, =
SAV, SSAC-004, BCP-84, Ingress Filtering, etc..
There are many networks that perform this best practice either by =
"default" through NAT/firewalls or by explicit configuration of the =
devices.
There are many networks that one will never be able to measure nor audit =
as well, but that doesn't mean we shouldn't continue to work on tracking =
back spoofed packets and reporting the attacks, and securing devices.
- Jared
