I can assume that If you are spoofing packets, resetting passwords on cpe
and replacing the box would be trivial. So it's questionable how useful
this is. It seems like it just adds cost to for customers that can't spoof
a packet to save their lives.
On Mar 31, 2013 6:37 PM, "Jason Lixfeld" <jason(a)lixfeld.ca> wrote:
On 2013-03-31, at 10:48 AM, Jay Ashworth <jra(a)baylink.com> wrote:
> Is there a program which users can run on an end-site workstation which
> would test whether they are being some link which is doing BCP38, or some
> related type of source-address ingress filtering?
>
> I'm hoping for something that could be downloaded by users and run, and
> try to forge a few packets to somewhere useful, which could be logged
> somehow in conjunction with some unforged packets containing a traceroute,
> so we could build up a database of leaky networks.
>
> On a related topic, while I know GRC Research's Steve Gibson is a bit of
> a polarizing personality, he does have a fairly sizable consumer audience,
> and might be a great distribution venue for such a thing.
>
> Or, perhaps, is there someone on here from Ookla?
>
> Patrick? Could Akamai be persuaded to take an interest in this as a
> research project?
>From my perspective, 99% of end-users probably don't understand (or care)
that their provider might be responsible for initiating or precipitating a
DDoS attacks, period. Most network operators are probably either too
inexperienced to understand or too lazy to care.
I believe that most everyone has a CPE of some sort, whether their service
is resi or commercial. So, what about shifting the focus to the CPE
manufacturers? They bend to technology and/or market pressures by bringing
things like NAT, Firewalls, DLNA, UPnP, IPv6 (heh), PPPoE, RFC1483, etc. to
their respective products in to satisfy technology limitations or security
concerns or whatever. Why can't they help the cause by implementing some
sort of RFC'ified BCP38 thing?