an effect of ignoring BCP38

Jo Rhett jrhett at netconsonance.com
Thu Sep 11 02:28:25 CDT 2008


On Sep 6, 2008, at 6:49 AM, k claffy wrote:
> do that many networks really allow spoofing?  i used
> to think so, based on hearsay, but rob beverly's
> http://spoofer.csail.mit.edu/summary.php suggests
> things are a lot better than they used to be, arbor's
> last survey echos same.  are rob's numbers inconsistent
> with numbers anyone else believes to be true?


I hate to spoil anyone's fantasies about this topic, but yeah.    
Nearly everyone does.

I've been in, near, or directly in touch with enough big provider NOCs  
in the last year on various DoS attach research issues, and nearly  
nobody... that's right NONE of them were using BCP38 consistently.   
Name the five biggest providers you can think of.  They ain't doing  
it.   Now name the five best transit providers you can think of.  They  
ain't doing it either.  (note that all of these claimed to be doing so  
in that survey, but during attack research they admitted that it was  
only in small deployments)

If someone told me (truthfully) that there was 10% BCP38 compliance  
out there, I'd be surprised given what I have observed.

We don't have a long ways to finish.  We have a long ways to start.   
Finishing isn't even within the horizon yet.

-- 
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source  
and other randomness






More information about the NANOG mailing list