"Everyone should be deploying BCP 38! Wait, they are ...."
Patrick W. Gilmore
patrick at ianai.net
Tue Feb 18 18:40:52 UTC 2014
Barry is a well respected security researcher. I'm surprised he posted this.
In his defense, he did it over a year ago (June 11, 2012). Maybe we should ask him about it. I'll do that now....
--
TTFN,
patrick
On Feb 18, 2014, at 13:31 , Dave Bell <me at geordish.org> wrote:
> That article is terrible.
>
> Looking at the stats provided, only 2582 unique AS's were tested.
> http://www.cidr-report.org/as2.0/#General_Status has over 46k AS's
> currently in the routing table.
>
> This means they have tested around 5% of the AS's on the Internet.
>
> Dave
>
>
> On 18 February 2014 17:20, Jay Ashworth <jra at baylink.com> wrote:
>
>> Here's a piece which uses the MIT ANA data to assert that the job is
>> mostly done already.
>>
>> Unless I'm very much mistaken, it appears that a large percentage of the
>> failed BCP 38 spoofing tests listed in that data are actually due to
>> customer side NAT routers dropping packets...
>>
>> which is of course egress filtering rather than ingress filtering, and
>> thus doesn't actually apply to our questions.
>>
>> Am I interpreting that correctly?
>>
>> http://www.senki.org/everyone-should-be-deploying-bcp-38-wait-they-are/
>>
>> (Oh, and bcp38.info is now the number 2 Ghit for "bcp38"; thanks to 5 new
>> contributors for signing up to help so far this week.)
>>
>> Cheers,
>> - jra
>> --
>> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>>
>
More information about the NANOG
mailing list