BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]

Cb B cb.list6 at gmail.com
Tue Feb 4 01:50:11 UTC 2014


On Feb 3, 2014 10:23 AM, "Paul Ferguson" <fergdawgster at mykolab.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 2/2/2014 2:17 PM, Cb B wrote:
>
> > And, I agree BCP38 would help but that was published 14 years ago.
>
> But what? Are you somehow implying that because BCP38 was
> "...published 14 years ago" (RFC2267 was initially published in 1998,
> and it was subsequently replaced by RFC2827)?
>
> I hope not, because BCP38 filtering would still help stop spoofed
> traffic now perpetuating these attacks, 14 years after BCP38 was
> published, because spoofing is at the root of this problem
> (reflection/amplification attacks).
>
> This horse is not dead, and still deserves a lot of kicking.
>
> $.02,
>
> - - ferg (co-author of BCP38)
>

I completely agree.  My sphere of influence is BCP38 compliant.  And,
networks that fail to support some form of BCP38 are nothing short of
negligent.

That said, I spend too much time taking defensive action against IPv4 amp
UDP attacks. And wishing others would deploy BCP38 does not solve today's
DDoS attacks.

CB
>
> - --
> Paul Ferguson
> VP Threat Intelligence, IID
> PGP Public Key ID: 0x54DC85B2
>


