"Everyone should be deploying BCP 38! Wait, they are ...."

Patrick W. Gilmore patrick at ianai.net
Tue Feb 18 18:40:52 UTC 2014


Barry is a well respected security researcher. I'm surprised he posted this.

In his defense, he did it over a year ago (June 11, 2012). Maybe we should ask him about it. I'll do that now....

-- 
TTFN,
patrick

On Feb 18, 2014, at 13:31 , Dave Bell <me at geordish.org> wrote:

> That article is terrible.
> 
> Looking at the stats provided, only 2582 unique AS's were tested.
> http://www.cidr-report.org/as2.0/#General_Status has over 46k AS's
> currently in the routing table.
> 
> This means they have tested around 5% of the AS's on the Internet.
> 
> Dave
> 
> 
> On 18 February 2014 17:20, Jay Ashworth <jra at baylink.com> wrote:
> 
>> Here's a piece which uses the MIT ANA data to assert that the job is
>> mostly done already.
>> 
>> Unless I'm very much mistaken, it appears that a large percentage of the
>> failed BCP 38 spoofing tests listed in that data are actually due to
>> customer side NAT routers dropping packets...
>> 
>> which is of course egress filtering rather than ingress filtering, and
>> thus doesn't actually apply to our questions.
>> 
>> Am I interpreting that correctly?
>> 
>> http://www.senki.org/everyone-should-be-deploying-bcp-38-wait-they-are/
>> 
>> (Oh, and bcp38.info is now the number 2 Ghit for "bcp38"; thanks to 5 new
>> contributors for signing up to help so far this week.)
>> 
>> Cheers,
>> - jra
>> --
>> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>> 
> 




More information about the NANOG mailing list