Whither Cometh BCP38?
Jay Ashworth
jra at baylink.com
Mon Jun 11 15:13:22 UTC 2012
Off a comment Vix made in another thread this weekend, what is the current
status, to the degree to which anyone knows and is permitted to say, of
the deployment of RFC 3704, BCP 38, to block IP address spoofing at the
ingress edge of large consumer eyeball networks?
When the BCP was first release, as I recall it, much noise was made to
suggest that it was cost-ineffective and impractical to deploy it because
the current state of edge devices was such that it wasn't a simple knob-turn.
Is that still true (or not, as I expect), and if common edge concentrators
do now support easy filtering to drop packets with improper or invalid
source addresses, is this being utilized in the wide area...
and if not, why the hell not?
Or are spoofed-source-address attacks not, as Vix suggests, significant
and trending upwards?
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
More information about the NANOG
mailing list