[169186] in North American Network Operators' Group
Changing the way we talk about BCP38 [Was: Re: "Everyone should be
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Tue Feb 18 14:44:00 2014
Date: Tue, 18 Feb 2014 11:43:25 -0800
From: Paul Ferguson <fergdawgster@mykolab.com>
To: nanog@nanog.org
In-Reply-To: <FB0D7697-3810-48C3-92C7-53EC026E0DE9@puck.nether.net>
Reply-To: fergdawgster@mykolab.com
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Below:
On 2/18/2014 11:22 AM, Jared Mauch wrote:
>
> On Feb 18, 2014, at 1:40 PM, Patrick W. Gilmore <patrick@ianai.net>
> wrote:
>
>> Barry is a well respected security researcher. I'm surprised he
>> posted this.
>>
>> In his defense, he did it over a year ago (June 11, 2012). Maybe
>> we should ask him about it. I'll do that now....
>
> I'm not surprised in any regard. There are too many names for
> BCP-38, SAV, SSAC-004, BCP-84, Ingress Filtering, etc..
>
This is why I am now using the phrase "anti-spoofing" when talking
about this in public. It far less cryptic, and I am breaking into
bite-sized components that people can actually understand.
As engineers & technical people, we need to start using language
people can wrap their brains around easily.
Remember: We are living in the age of instant gratification and
Attention Deficit Disorder. :-)
- - ferg
> There are many networks that perform this best practice either by
> "default" through NAT/firewalls or by explicit configuration of the
> devices.
>
> There are many networks that one will never be able to measure nor
> audit as well, but that doesn't mean we shouldn't continue to work
> on tracking back spoofed packets and reporting the attacks, and
> securing devices.
>
> - Jared
>
>
>
>
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iF4EAREIAAYFAlMDt90ACgkQKJasdVTchbIBrwD/YyUeK4SvS6grQdarKnoJiZXD
2YoTf+lRXpXnkSTPUdUA/3TH8jnXNx6DkOw9nkbVIi6Ek8ehTLUPpDPBe0oELQj4
=Cf2C
-----END PGP SIGNATURE-----
