Barry is a well respected security researcher. I'm surprised he posted this. In his defense, he did it over a year ago (June 11, 2012). Maybe we should ask him about it. I'll do that now.... -- TTFN, patrick On Feb 18, 2014, at 13:31 , Dave Bell <me@geordish.org> wrote:
That article is terrible.
Looking at the stats provided, only 2582 unique AS's were tested. http://www.cidr-report.org/as2.0/#General_Status has over 46k AS's currently in the routing table.
This means they have tested around 5% of the AS's on the Internet.
Dave
On 18 February 2014 17:20, Jay Ashworth <jra@baylink.com> wrote:
Here's a piece which uses the MIT ANA data to assert that the job is mostly done already.
Unless I'm very much mistaken, it appears that a large percentage of the failed BCP 38 spoofing tests listed in that data are actually due to customer side NAT routers dropping packets...
which is of course egress filtering rather than ingress filtering, and thus doesn't actually apply to our questions.
Am I interpreting that correctly?
http://www.senki.org/everyone-should-be-deploying-bcp-38-wait-they-are/
(Oh, and bcp38.info is now the number 2 Ghit for "bcp38"; thanks to 5 new contributors for signing up to help so far this week.)
Cheers, - jra -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.