On Jun 12, 2012, at 11:42 AM, Vernon Schryver wrote: >> From: Tony Finch <d...@dotat.at> > >>> Yes, how is BCP 38 deployment going? >> >> Someone on NANOG recently mentioned http://spoofer.csail.mit.edu/ > > http://rbeverly.net/research/papers/spoofer-imc09.html > and the last slides in > http://rbeverly.net/research/papers/spoofer-imc09-presentation.pdf > suggest that relying on BCP 38 deployment is unsound.
<tilting at windmills> Please, *Please*, PLEASE, *PLEASE*, pretty please with cherries on the top, if you haven't implemented BCP38 protection / source filtering / uRPF (trying to hit the keywords) protection yet, please do… Also, please require it in RFPs, when you talk to networky people ask them if they have implemented and if not, hit them with a clue-stick. </tilting at windmills> I'm *sure* everyone here has already implemented BCP38 in all the applicable places, right? right?!. But just in case not, "for shame". Go on, it's important and it's not that hard[0]... W [0]: Yes, I understand that you have multihomed customers, and they like to randomly start announcing new space, but you already have BGP prefix filters, don't you? don't you?!!. Yup, and some folk have really old cruddy boxes that don't do line rate ACLs… and that idiot George in the NOC who keeps dropping ACLs in case that fixes some unrelated problem, and, and, and… but go on, make the effort… > > > Vernon Schryver v...@rhyolite.com > _______________________________________________ > dns-operations mailing list > dns-operations@lists.dns-oarc.net > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > dns-jobs mailing list > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs > -- Hope is not a strategy. -- Ben Treynor, Google _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
