[194760] in North American Network Operators' Group
Re: BCP38/84 and DDoS ACLs
daemon@ATHENA.MIT.EDU (Matthew Luckie)
Thu Jun 1 08:34:02 2017
X-Original-To: nanog@nanog.org
Date: Sun, 28 May 2017 08:31:21 +1200
From: Matthew Luckie <mjl@caida.org>
To: Graham Johnston <johnstong@westmancom.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
--tKW2IUtsqtDRztdT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
> This doesn't seem quite like it is BCP38 and more like this is
> BCP84, but it only talks about use of ACLs in section 2.1 without
> providing any examples. Given that it is also 13 years old I thought
> there might be fresher information out there.
section 2.1 is about permitting packets from specific address ranges.
If you want to assess the dynamism or size of ACL required for a given
AS, place the AS into this URL:
https://spoofer.caida.org/prefixes.php?asn=1909
Matthew
--tKW2IUtsqtDRztdT
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQTXPLTkr00GLuDVs20rK4MpIRAAYAUCWSniFgAKCRArK4MpIRAA
YEvhAJ4hBhhiirXH1QTIMaV2FCDI4FF5bACeLpVZP+vYX2wVVkMyyJokABzVsaU=
=KtLt
-----END PGP SIGNATURE-----
--tKW2IUtsqtDRztdT--
