Changing the way we talk about BCP38 [Was: Re: "Everyone should be deploying BCP 38! Wait, they are ...."]
fergdawgster at mykolab.com
Tue Feb 18 19:43:25 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 2/18/2014 11:22 AM, Jared Mauch wrote:
> On Feb 18, 2014, at 1:40 PM, Patrick W. Gilmore <patrick at ianai.net>
>> Barry is a well respected security researcher. I'm surprised he
>> posted this.
>> In his defense, he did it over a year ago (June 11, 2012). Maybe
>> we should ask him about it. I'll do that now....
> I'm not surprised in any regard. There are too many names for
> BCP-38, SAV, SSAC-004, BCP-84, Ingress Filtering, etc..
This is why I am now using the phrase "anti-spoofing" when talking
about this in public. It far less cryptic, and I am breaking into
bite-sized components that people can actually understand.
As engineers & technical people, we need to start using language
people can wrap their brains around easily.
Remember: We are living in the age of instant gratification and
Attention Deficit Disorder. :-)
- - ferg
> There are many networks that perform this best practice either by
> "default" through NAT/firewalls or by explicit configuration of the
> There are many networks that one will never be able to measure nor
> audit as well, but that doesn't mean we shouldn't continue to work
> on tracking back spoofed packets and reporting the attacks, and
> securing devices.
> - Jared
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
More information about the NANOG