Whither Cometh BCP38?

• Previous message (by thread): Problems connecting to Web-sites hosted by XO/Concentric
• Next message (by thread): Whither Cometh BCP38?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Off a comment Vix made in another thread this weekend, what is the current
status, to the degree to which anyone knows and is permitted to say, of
the deployment of RFC 3704, BCP 38, to block IP address spoofing at the 
ingress edge of large consumer eyeball networks?

When the BCP was first release, as I recall it, much noise was made to
suggest that it was cost-ineffective and impractical to deploy it because
the current state of edge devices was such that it wasn't a simple knob-turn.

Is that still true (or not, as I expect), and if common edge concentrators
do now support easy filtering to drop packets with improper or invalid 
source addresses, is this being utilized in the wide area...

and if not, why the hell not?

Or are spoofed-source-address attacks not, as Vix suggests, significant
and trending upwards?

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

• Previous message (by thread): Problems connecting to Web-sites hosted by XO/Concentric
• Next message (by thread): Whither Cometh BCP38?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]