
Re: What to improve? BCP-38/SAC-004 anyone?

2015-12-31 18:18:16

On Dec 31, 2015, at 6:01 PM, Michael Richardson
<mcr+ietf(_at_)sandelman(_dot_)ca> wrote:

> Brian E Carpenter <brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com> wrote:
> > That seems worth a bit more discussion. I'd always naively assumed that
> > BCP38 was scalable since all it appears to need is a prefix match, and
> > routers are very good at matching prefixes; it's just that they don't
> > normally match the source prefix. Could some router-vendor person comment
> > on this?
>
> It's also really really really cheap to do in the CMTS or PPP concentrator,
> where for IPv4, it's often not even a "prefix" machine, but a /32 match.
>
> IPv6 with PD makes it potentially a list...

These often aren’t the devices that are a problem. The majority of cable/DSL
networks do not permit spoofing. There are external ways to measure this with
traceroute and data from things like the OpenResolverProject stuff which I
worked on.

I can get a $5/mo server or a $2/mo so-called-booter service to launch attacks
from.

What I often need are better tools to trace back spoofed packets or mark them.
The nice thing about most of these attack networks is they respond faster than
I can trace, and most attacks we see are sub-15 minutes. The incentives are all
wrong here and I’d love to talk to people about how to change them. Some
locations, e.g. Finland, have a regulator that does not accept spoofing from
the entities they supervise.

It’s one approach, but perhaps doesn’t scale to other markets.

- Jared
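An added illustration of the source-prefix check the thread is discussing (example code written for this page, not from the list or any of the posters): a per-port ingress table that holds a single /32 for an IPv4 subscriber and a list of delegated prefixes for an IPv6 PD subscriber, with a BCP38-style accept/drop decision on the source address. Port names, prefixes and sample packets are constructed.

```python
"""Toy model of BCP38 ingress source-address validation (constructed example).

Each customer-facing port may originate only the addresses assigned to it:
a single /32 for an IPv4 cable/DSL subscriber, or a list of delegated
prefixes for an IPv6 subscriber with prefix delegation (PD).
"""
from ipaddress import ip_address, ip_network

# Constructed sample ingress table: port -> prefixes the port may source.
INGRESS_TABLE = {
    "cmts-port-1": [ip_network("203.0.113.17/32")],           # IPv4: exact /32
    "cmts-port-2": [ip_network("2001:db8:1::/48"),            # IPv6 PD: a list
                    ip_network("2001:db8:fe00::/64")],
}


def validate_source(port, src):
    """Return (accepted, reason) for a packet with source address src on port."""
    prefixes = INGRESS_TABLE.get(port)
    if prefixes is None:
        return False, "unknown port"
    addr = ip_address(src)
    for pfx in prefixes:
        # Address family must match before a longest-prefix style check applies.
        if addr.version == pfx.version and addr in pfx:
            return True, f"matched {pfx}"
    return False, "source not assigned to port (possible spoof)"


def filter_packets(packets):
    """Apply the check to (port, src) tuples; return (accepted, dropped) lists."""
    accepted, dropped = [], []
    for port, src in packets:
        ok, reason = validate_source(port, src)
        (accepted if ok else dropped).append((port, src, reason))
    return accepted, dropped


if __name__ == "__main__":
    # Constructed sample traffic: one spoofed IPv4 source and one IPv6 source
    # outside the subscriber's delegated prefixes.
    sample = [
        ("cmts-port-1", "203.0.113.17"),
        ("cmts-port-1", "198.51.100.9"),
        ("cmts-port-2", "2001:db8:1:42::1"),
        ("cmts-port-2", "2001:db8:9::1"),
    ]
    for entry in filter_packets(sample)[1]:
        print("DROP", *entry)
```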