nanog mailing list archives
Re: an effect of ignoring BCP38
From: David Sinn <dsinn () dsinn com>
Date: Fri, 5 Sep 2008 15:36:42 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1I don't think you will get any argument that the vast majority of CS departments teach theory and not as much valid practice when it comes to networking. Though, being formally at the UW, I can tell you that they wouldn't have been able to spoof on the campus or through it's upstream (which we also ran).
That being said, I think another area that BCP38 is going to run into problems with is IPv6. Given that host are multi-addressed from day one and nominally follow a default route for returning traffic, they can easily appear to "spoof" perfectly valid traffic (6to4 in, native out for example). While some can be made as exceptions (6to4), some won't be done so easily without some implementation changes.
And that's not even touching on the holes in RPF checks on Cisco (no feasible) or Juniper (not quite as feasible as is really feasible) platforms.
David On Sep 4, 2008, at 10:22 PM, bmanning () vacation karoshi com wrote:
seems that some folks in the R&E community, with institutional support from Cisco, Google, and the US NSF, are exploiting our inability to take even rudimentary steps toward providing a level of integrity in routing by teaching students that spoofing IP space is ok. This whole thing works at all because so few people use/deploy/maintain BCP-38 compliance. This was an eye-opener for me. http://www.caida.org/workshops/wide/0808/slides/measuring_reverse_paths.pdf --bill
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) iEYEARECAAYFAkjBtHoACgkQLa9jIE3ZamPYzQCgu2OdDu8/Uq896ffcJZjSX7X8 6jgAnR7iZFiRAsxN6+qn64ZVYIcNy1hy =E20v -----END PGP SIGNATURE-----
Current thread:
- RE: BCP38 dismissal, (continued)
- RE: BCP38 dismissal michael.dillon (Sep 04)
- RE: BCP38 dismissal James Jun (Sep 04)
- Re: BCP38 dismissal Paul Wall (Sep 04)
- Re: BCP38 dismissal Jo Rhett (Sep 04)
- Re: BCP38 dismissal Greg Hankins (Sep 04)
- Re: BCP38 dismissal Paul Wall (Sep 05)
- Re: BCP38 dismissal Gadi Evron (Sep 04)
- Re: BCP38 dismissal Patrick W. Gilmore (Sep 04)
- Re: BCP38 dismissal Gadi Evron (Sep 04)
- an effect of ignoring BCP38 bmanning (Sep 04)
- Re: an effect of ignoring BCP38 David Sinn (Sep 05)
- Re: an effect of ignoring BCP38 k claffy (Sep 06)
- Re: an effect of ignoring BCP38 Valdis . Kletnieks (Sep 08)
- Re: an effect of ignoring BCP38 Jo Rhett (Sep 11)
- Re: an effect of ignoring BCP38 Pekka Savola (Sep 11)
- Re: an effect of ignoring BCP38 Jo Rhett (Sep 11)
- Re: an effect of ignoring BCP38 Pekka Savola (Sep 11)
- Re: an effect of ignoring BCP38 Jo Rhett (Sep 11)
- Re: an effect of ignoring BCP38 Valdis . Kletnieks (Sep 11)
- Re: an effect of ignoring BCP38 Jo Rhett (Sep 11)
- Re: an effect of ignoring BCP38 Pekka Savola (Sep 11)