Re: [spoofing-tf] Source Address Validation Architecture (SAVA), BOF proposal @ IETF

  • To: "Barry Greene (bgreene)" bgreene@localhost
  • From: Rob Beverly rbeverly@localhost
  • Date: Thu, 14 Sep 2006 11:22:26 -0400
  • Cc: Jaap Akkerhuis jaap@localhost, spoofing-tf@localhost, sava@localhost

On Thu, Sep 14, 2006 at 08:13:43AM -0700, Barry Greene (bgreene) wrote:
> RTFM BCP 38. Please point out the phase where it says BCP 38 checks are
> done in the core of a network.
> 
> Honestly I find this convoluted excuse for not using uRPF Strict mode as
> a tool for BCP 38 really lame. Read the doc and understand how it work. 

Barry, 

Thanks - I've RTFM'd.  I'm neither trying to present a convoluted
excuse nor say that BCP 38 isn't highly useful.  Rather, our
project attempts to measure the penetration of such techniques.
I mainly take objection to the statements that spoofing is not
useful to any parties viz-a-viz the DNS amplifier attacks and
UCE filter circumvention.  Perhaps you have detailed statistics
on the distribution of edge devices and their support of various
modes of uRPF?  This is the kind of data that would also be
interesting in understanding adoption issues.

Regards,

rob