North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: an effect of ignoring BCP38
On Sep 6, 2008, at 6:49 AM, k claffy wrote:
do that many networks really allow spoofing? i used to think so, based on hearsay, but rob beverly's http://spoofer.csail.mit.edu/summary.php suggests things are a lot better than they used to be, arbor's last survey echos same. are rob's numbers inconsistent with numbers anyone else believes to be true?
I hate to spoil anyone's fantasies about this topic, but yeah. Nearly everyone does.
I've been in, near, or directly in touch with enough big provider NOCs in the last year on various DoS attach research issues, and nearly nobody... that's right NONE of them were using BCP38 consistently. Name the five biggest providers you can think of. They ain't doing it. Now name the five best transit providers you can think of. They ain't doing it either. (note that all of these claimed to be doing so in that survey, but during attack research they admitted that it was only in small deployments)
If someone told me (truthfully) that there was 10% BCP38 compliance out there, I'd be surprised given what I have observed.
We don't have a long ways to finish. We have a long ways to start. Finishing isn't even within the horizon yet.
Net Consonance : consonant endings by net philanthropy, open source and other randomness