On 17.11.15 17:50 , Pavel Odintsov wrote:
Hello, Community!
I'm writing from RIPE71 / Anti spoofing BoF. So I want to ask for some difficult ethical question.
Could we detect probe hosts who do not deploy outgoing filtering and accept spoofed traffic?
We need to know amount of they. It's really important for solving spoofing issue in Internet scale.
Why exactly do we need to know the exact amount of this problem? We surely know it exists and that it is widespread enough to allow serious reflection attacks. We will know that we are solving the problem when these attacks are getting less. Why not measure that? Would it not be much better to get all ISPs to do something about it? If we are interested in the amount of BCP-38 compliant address space we could just ask. Those that implement it or are in the process of doing so will gladly tell us since that shows them as good citizens. How about getting address space users to publish the BCP-38 status of their address space holdings like this? BCP-38 fully implemented BCP-38 100% implemented by <date> BCP-38 considering Maybe add an attribute to the inetnum:s in the database? Run a campaign to encourage porganisations to publish BCP-38 status and shame those that do not. That would provide a useful measure and also raise awareness! In the case of ISPs it would be open to verification by customers. Daniel