On Feb 3, 2014 10:23 AM, "Paul Ferguson" <fergdawgster@mykolab.com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 2/2/2014 2:17 PM, Cb B wrote:
And, i agree bcp38 would help but that was published 14 years ago.
But what? Are you somehow implying that because BCP38 was "...published 14 years ago" (RFC2267 was initially published in 1998, and it was subsequently replaced by RFC2827)?
I hope not, because BCP38 filtering would still help stop spoofed traffic now perpetuating these attacks, 14 years after BCP38 was published, because spoofing is at the root of this problem (reflection/amplification attacks).
This horse is not dead, and still deserves a lot of kicking.
$.02,
- - ferg (co-author of BCP38)
I completely agree. My sphere of influence is bcp38 compliant. And, networks that fail to support some form of bcp38 are nothing short of negligent. That said, i spend too much time taking defensive action against ipv4 amp udp attacks. And wishing others would deploy bcp38 does not solve today's ddos attacks. CB
- -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iF4EAREIAAYFAlLv3ocACgkQKJasdVTchbLhowEAuO9DSQiRswVeqpHSccHo060h cqmIB8XlaNkzEPQw1w0A/0G6cjvtWBiJfwWbWoTY7X3RRMHeN36RkYR+2TonyNBi =W2wU -----END PGP SIGNATURE-----