North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BCP38 making it work, solving problems

  • From: Edward B. Dreger
  • Date: Mon Oct 11 09:51:15 2004

SD> Date: Sun, 10 Oct 2004 21:35:33 -0400 (EDT)
SD> From: Sean Donelan

SD> People think BCP38 means the packets could only originate
SD> from you.

Were BCP38 universal, this would be true.  If one receives a
packet, it's either from the supposed source or a network that
allows spoofing.  If no networks allow spoofing, it came from the
supposed source.

SD> [P]eople don't complain to the source of spoofed packet.
SD> People complain to IANA about attacks coming from Net-10.

They complain to the perceived source.  Many Internet users are
shocked at how trivial it is to forge email/packet sources; I
guess they're used to services like caller ID where the end user
isn't [traditionally] given the power to spoof.

Then there's postal mail.  At least sending spoofed packets is
more costly than IP, and end-user packets frequently are tagged
with an ingress label.

Everquick Internet -
A division of Brotsman & Dreger, Inc. -
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
DO NOT send mail to the following addresses:
[email protected] -*- [email protected] -*- [email protected]
Sending mail to spambait addresses is a great way to get blocked.