Re: What to improve? BCP-38/SAC-004 anyone?
Jared Mauch <jared@puck.nether.net> Fri, 01 January 2016 00:18 UTC
Return-Path: <jared@puck.nether.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE1CE1A908B for <ietf@ietfa.amsl.com>; Thu, 31 Dec 2015 16:18:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.912
X-Spam-Level:
X-Spam-Status: No, score=-1.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wvrREWbH8zEc for <ietf@ietfa.amsl.com>; Thu, 31 Dec 2015 16:18:01 -0800 (PST)
Received: from puck.nether.net (puck.nether.net [IPv6:2001:418:3f4::5]) by ietfa.amsl.com (Postfix) with ESMTP id C347E1A9089 for <ietf@ietf.org>; Thu, 31 Dec 2015 16:18:01 -0800 (PST)
Received: from [IPv6:2601:401:3:6a00:68d5:e71c:231f:5590] (unknown [IPv6:2601:401:3:6a00:68d5:e71c:231f:5590]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by puck.nether.net (Postfix) with ESMTPSA id A2B1954089C; Thu, 31 Dec 2015 19:17:59 -0500 (EST)
Subject: Re: What to improve? BCP-38/SAC-004 anyone?
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
Content-Type: text/plain; charset="utf-8"
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <16726.1451602892@obiwan.sandelman.ca>
Date: Thu, 31 Dec 2015 19:17:59 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <4CB46486-1B4C-480D-BC98-DAE90C32D9FC@puck.nether.net>
References: <7664F94E-F7A6-4556-B1E6-2DE536A7B7FC@frobbit.se> <5684FCDB.7010009@mnt.se> <A074CA07-691E-41A7-B1D7-33F4ECBED5A9@puck.nether.net> <568579FB.6030702@gmail.com> <16726.1451602892@obiwan.sandelman.ca>
To: Michael Richardson <mcr+ietf@sandelman.ca>
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/LEeKU8bWRlWjQEQobcqbVJqO4NE>
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jan 2016 00:18:03 -0000
> On Dec 31, 2015, at 6:01 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote: > > > Brian E Carpenter <brian.e.carpenter@gmail.com> wrote: >> That seems worth a bit more discussion. I'd always naively assumed that BCP38 was >> scalable since all it appears to need is a prefix match, and routers are very >> good at matching prefixes; it's just that they don't normally match the source >> prefix. Could some router-vendor person comment on this? > > It's also really really really cheap to do in the CMTS or PPP concentrator, > where for IPv4, it's often not even a "prefix" machine, but a /32 match. > > IPv6 with PD makes it potentially a list... These often aren’t the devices that are a problem. The majority of cable/DSL networks do not permit spoofing. There are external ways to measure this with traceroute and data from things like the OpenResolverProject stuff which I worked on. I can get a $5/mo server or a $2/mo so-called-booter service to launch attacks from. What I often need are better tools to trace back spoofed packets or mark them. The nice thing about most of these attack networks is they respond faster than I can trace and most attacks we see are sub-15 minutes. The incentives are all wrong here and I’d love to talk to people about how to change them. Some locations, eg: Finland have a regulator that does not accept spoofing from the entities they supervise. It’s one approach, but perhaps doesn’t scale to other markets. - Jared
- What to improve? BCP-38/SAC-004 anyone? Patrik Fältström
- Re: What to improve? BCP-38/SAC-004 anyone? Leif Johansson
- Re: What to improve? BCP-38/SAC-004 anyone? tom p.
- Re: What to improve? BCP-38/SAC-004 anyone? Patrik Fältström
- Re: What to improve? BCP-38/SAC-004 anyone? Kathleen Moriarty
- Re: What to improve? BCP-38/SAC-004 anyone? Jared Mauch
- Re: What to improve? BCP-38/SAC-004 anyone? Leif Johansson
- Re: What to improve? BCP-38/SAC-004 anyone? Jared Mauch
- Re: What to improve? BCP-38/SAC-004 anyone? joel jaeggli
- Re: What to improve? BCP-38/SAC-004 anyone? Steve Crocker
- Re: What to improve? BCP-38/SAC-004 anyone? Brian E Carpenter
- Re: What to improve? BCP-38/SAC-004 anyone? joel jaeggli
- Re: What to improve? BCP-38/SAC-004 anyone? Jared Mauch
- Re: What to improve? BCP-38/SAC-004 anyone? John Levine
- Re: What to improve? BCP-38/SAC-004 anyone? Jared Mauch
- Re: What to improve? BCP-38/SAC-004 anyone? Michael Richardson
- Re: What to improve? BCP-38/SAC-004 anyone? Michael Richardson
- Re: What to improve? BCP-38/SAC-004 anyone? Michael Richardson
- Re: What to improve? BCP-38/SAC-004 anyone? Jared Mauch
- Re: What to improve? BCP-38/SAC-004 anyone? Jared Mauch
- Re: What to improve? BCP-38/SAC-004 anyone? Patrik Fältström
- Re: What to improve? BCP-38/SAC-004 anyone? Randy Bush
- Re: What to improve? BCP-38/SAC-004 anyone? Patrik Fältström
- RE: What to improve? BCP-38/SAC-004 anyone? Christian Huitema
- Re: What to improve? BCP-38/SAC-004 anyone? John Levine
- Re: What to improve? BCP-38/SAC-004 anyone? Jari Arkko
- Re: What to improve? BCP-38/SAC-004 anyone? Donald Eastlake
- Re: What to improve? BCP-38/SAC-004 anyone? Jim Gettys
- Re: Fwd: What to improve? BCP-38/SAC-004 anyone? dave taht
- Re: What to improve? BCP-38/SAC-004 anyone? George, Wes