The good news is that source address spoofing does seem to fail with most CPE's NAT. At the end of the day, just turn on uRPF and/or use ACLs. It's amazing how much destination 192.168.0.0/24 and 192.168.1.0/24 our ACLs also block. Frank -----Original Message----- From: Jay Ashworth [mailto:jra@baylink.com] Sent: Sunday, March 31, 2013 9:35 PM To: NANOG Subject: Re: BCP38 tester? ----- Original Message -----
From: "Alain Hebert" <ahebert@pubnix.net>
An easy target would be anti-virus/trojan/security software providers that could add a BCP38 check to their software =D
Yes, but penetration is a problem, which is why I was thinking about people like YouTube, Ookla, and the like. Any Flash app that lots of people run frequently. Assuming those apps could generate the packets, which, on reflection, I would bet they can't. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274