Source Address Validation is one of the key components to preventing spoofing. No network operator should be allowing packets to egress their network with source addresses that are external to their network, nor should they allow packets to ingress their network that have a source IP address internal to their network. The problem isn't in the implementation of BCP38, its network operators failing to do so. BCP38 technically could cause issues for multihoming networks, however if you are using your own IP space delegated by an RIR then it wouldn't be an issue. Where it could cause issues, is when you are using a source address from ISP A to send traffic via ISP B and they have strict filtering policies in place. There is no one single plan as every network is unique. One way to do this would be to filter packets at your border. Regards, Christopher Hawker On Sun, 06/04/2025 02:09 AM, "T. Fırıncı via NANOG" <nanog@lists.nanog.org> wrote:
Hello I am Taygun, I am a 23 year old who has been working in cyber security and information technologies as a hobby for about 13 years. There are countless people and institutions that have been victims of IP spoofing attacks that have increased recently in my country (Turkey). I started researching to find a solution to this problem and offer a solution to the ISPs and the IT institutions in my country. After brainstorming in the TRNOG group in Türkiye and on LinkedIn, such as NANOG, I thought that bcp38 could be a solution, but some people said that this solution would create a problem in multihome networks. What is the exact optimum solution? Where should I look? How can I create a plan that can be presented to the necessary places? Currently, all existing or old ISPs and datacenters in Türkiye have completely lost hope in resolving the problem.
References: https://www.linkedin.com/posts/taygun-firinci_son-zamanlarda-servis-sa%C4%9F... https://spoofer.caida.org/recent_tests.php?as_include=&country_include=tur&no_block=1 Best Practices for Deploying SAV: https://manrs.org/2023/04/why-is-source-address-validation-still-a-problem/ _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/KXTZVI2F...