What is 'iwantbcp38compliancetesting' user tag?
When revisiting the settings of my probe, I found this 'iwantbcp38compliancetesting' user tag. I know what BCP38 is, but what is the meaning of the tag? Is it a poll? Geert Jan
On Sat, Jan 09, 2016 at 03:15:12PM +0100, Geert Jan de Groot <GeertJan.deGroot@xs4all.nl> wrote a message of 8 lines which said:
I know what BCP38 is, but what is the meaning of the tag? Is it a poll?
I don't know but I see that there are only 22 probes with this tag.
Hi,
On 09 Jan 2016, at 15:15, Geert Jan de Groot <GeertJan.deGroot@xs4all.nl> wrote:
When revisiting the settings of my probe, I found this 'iwantbcp38compliancetesting' user tag.
I know what BCP38 is, but what is the meaning of the tag? Is it a poll?
BCP 38 is a standard to prevent spoofed packets coming from networks. These spoofed packets are a popular means of performing DDoS attacks. This would go away when all networks implement BCP 38, thus filtering out all packets with spoofed source addresses. The problem is that it is very very hard to measure compliance of BCP 38. A simple way would be to send out spoofed packets. There has been discussion on this list to allow this measurement to be performed on RIPE Atlas probes. The community currently is against it, as sending spoofed packets can raise red flags for network operators, or is possibly against the user policy. Users are often not aware of these consequences or rules surrounding spoofed packets. Using these tags is probably a silent protest against this decision ;) Jeroen.
On Sat, Jan 09, 2016 at 04:00:35PM +0100, Jeroen van der Ham <jeroen@dckd.nl> wrote a message of 27 lines which said:
Using these tags is probably a silent protest against this decision ;)
Geert said it was *his* probe so I assume he did not set the tag.
I am setting this tag on all my probes, which probably accounts for at least half that number... Imho Non compliance with BCP38 invites trouble and I'd like this eradicated from here, personally. On Jan 9, 2016 5:07 PM, "Stephane Bortzmeyer" <bortzmeyer@nic.fr> wrote:
On Sat, Jan 09, 2016 at 04:00:35PM +0100, Jeroen van der Ham <jeroen@dckd.nl> wrote a message of 27 lines which said:
Using these tags is probably a silent protest against this decision ;)
Geert said it was *his* probe so I assume he did not set the tag.
On Sat, 9 Jan 2016 16:06:26 +0100 Stephane Bortzmeyer wrote:
Geert said it was *his* probe so I assume he did not set the tag.
I set the tag because it was listed as user tag; it was not a field whose name I created myself. It wasn't there when I checked the values before ,I therefore wonder the creation of the tag value, hence the question. I *did* get formal approval, from my ISP, to do bcp38 tests as long as it's low-volume, testing only, and I share the results with them. Since then I have reported to them that tests using spoofer.caida.org were OK, i.e. spoofing was properly filtered. Geert Jan
On 2016/01/09 16:30 , Geert Jan de Groot wrote:
On Sat, 9 Jan 2016 16:06:26 +0100 Stephane Bortzmeyer wrote:
Geert said it was *his* probe so I assume he did not set the tag.
I set the tag because it was listed as user tag; it was not a field whose name I created myself. It wasn't there when I checked the values before ,I therefore wonder the creation of the tag value, hence the question.
As far as I know, there is some sort of public/private thing for probe tags. You can tag your probe with anything you like but it isn't visible except for yourself. Then tags that are popular enough and are not offensive (or that otherwise seem to make sense) and are make public. Which means that you can see which probes have those tags and the UI will also suggest them.
Hi, As for the origin of the tag: I set this on my probe as an experiment to see if one could do a poll among probe hosts. Apparently the hosts of 21 other probes already found the tag without it every being advertised. Now that it is more widely known it would probably be interesting for proponents of BCP38 compliance-testing to set that probe-tag, and for opponents to set the 'idontwantbcp38compliancetesting' probe-tag. cheers, Emile
On 10.01.16 6:17 , Emile Aben wrote:
Hi,
As for the origin of the tag: I set this on my probe as an experiment to see if one could do a poll among probe hosts. Apparently the hosts of 21 other probes already found the tag without it every being advertised.
Now that it is more widely known it would probably be interesting for proponents of BCP38 compliance-testing to set that probe-tag, and for opponents to set the 'idontwantbcp38compliancetesting' probe-tag.
In general I like creative use of the RIPE Atlas system. I could see the use of a "SourceAddressSpoofOK" tag that says it would be OK to spoof source addresses when sending traffic from this probe. This kind of opt-in statement has meaning. It would also be a constructive way to get around the risks associated with source address spoofing from probes of unsuspecting hosts. However doing a poll by setting probe tags which are meant to convey attributes of the probe and not opinions of the host is not really useful. This is aggravated by the lack of a clear definition for the meaning of this tag. Daniel
On 11/01/16 10:39, Daniel Karrenberg wrote:
On 10.01.16 6:17 , Emile Aben wrote:
Hi,
As for the origin of the tag: I set this on my probe as an experiment to see if one could do a poll among probe hosts. Apparently the hosts of 21 other probes already found the tag without it every being advertised.
Now that it is more widely known it would probably be interesting for proponents of BCP38 compliance-testing to set that probe-tag, and for opponents to set the 'idontwantbcp38compliancetesting' probe-tag.
In general I like creative use of the RIPE Atlas system. I could see the use of a "SourceAddressSpoofOK" tag that says it would be OK to spoof source addresses when sending traffic from this probe. This kind of opt-in statement has meaning. It would also be a constructive way to get around the risks associated with source address spoofing from probes of unsuspecting hosts.
However doing a poll by setting probe tags which are meant to convey attributes of the probe and not opinions of the host is not really useful. This is aggravated by the lack of a clear definition for the meaning of this tag.
dismissing this as useless is a bit premature i think. this is an experiment about how to get community feedback, tied to specific resources (ripe atlas probes) this community has (ie. one vote per probe). if the number of people that 'vote' is insignificant the conclusion is that my attempt of collecting feedback didn't work. as to meaning of the tag: as you said yourself the tag conveys the opinion of the probe host. what may be unclear is if the probe host would be ok with bcp38 tests from their own probes. my assumption is they are (i probably should have made the tag 'iwantbcp38compliancetestingonthisprobe', but thought that rather long). currently there are 37 probes with 'iwantbcp38compliancetesting' set, so in case ripe atlas would have 'bcp38-compliance testing' as an opt-in measurement, this would likely be the lower bound of the probes that would be opted-in. emile ps: i think the definition problem is more with spoofing vs. bcp38-compliance testing. spoofing doesn't necessarily involve all involved parties' agreement, while i think a bcp38-compliance test could (should?). personally, as a probe host, i would *not* want all spoofing being made possible from my ripe atlas probe, but i would be ok with bcp38-compliance testing, especially if all involved parties are ok with sending bcp38 test packets. involved parties: - probe host - holder/user of src address for a bcp38 test packet - holder/user of dst address for a bcp38 test packet and i think we can create circumstances where we can actually make all these parties agree. having a probe host opt-in (like my tag implies, but could be more explicit like you suggest) and by having fixed src/dst address space being used for these tests (or have probe public ip addresses of hosts that agree being used in tests?).
On 1/11/2016 11:36 PM, Emile Aben wrote:
[snip] dismissing this as useless is a bit premature i think. this is an experiment about how to get community feedback, tied to specific resources (ripe atlas probes) this community has (ie. one vote per probe). if the number of people that 'vote' is insignificant the conclusion is that my attempt of collecting feedback didn't work.
[snip]
If I want to affect the feature set of the probe, I would do so by using communication channels that are already in place, e.g., that we are using now with this mailing list. I view the probes' tags as a way to announce what the capability of the probe is, and not what I want the capability of the probe to be. I feel that the reduction of the usefulness of the probes' tags to something akin to facebook's "likes" is a diversion of purpose. If you want to have some manner of voting, then do so via your account on the RIPE website. I have to log in to the account to change the tags on my probe, why not just put a voting option on the website? I see no need, and I have no desire, to display my vote among the public data on my probe.
On 12/01/16 18:55, Mike wrote:
On 1/11/2016 11:36 PM, Emile Aben wrote:
[snip] dismissing this as useless is a bit premature i think. this is an experiment about how to get community feedback, tied to specific resources (ripe atlas probes) this community has (ie. one vote per probe). if the number of people that 'vote' is insignificant the conclusion is that my attempt of collecting feedback didn't work.
[snip]
If I want to affect the feature set of the probe, I would do so by using communication channels that are already in place, e.g., that we are using now with this mailing list.
I view the probes' tags as a way to announce what the capability of the probe is, and not what I want the capability of the probe to be. I feel that the reduction of the usefulness of the probes' tags to something akin to facebook's "likes" is a diversion of purpose.
agree that this shouldn't become a facebook-"like" type of thing, but it's a fine line. i see this particular tag as showing the potential for a capability of the probe, a tag like 'iwantaffordablebroadband' would not be.
If you want to have some manner of voting, then do so via your account on the RIPE website. I have to log in to the account to change the tags on my probe, why not just put a voting option on the website? I see no need, and I have no desire, to display my vote among the public data on my probe.
agree, this is a hack. a web poll could be a better means of collecting feedback, if we'd also tie the analysis to probe hosting, to show if there is potential for an opt-in bcp38 compliance testing. current status of the tags: $ egrep -i 'bcp38|spoof' tags.txt iwantbcp38compliancetesting (45) sourceaddressspoofok (3) bcp38 (1) i'd characterise that as a bit low turn-out, but informative in the light of previous discussions on this mailing list. as a comparison, for the ripe labs poll on wifi measurements in ripe atlas we got 159 voters. cheers, emile
participants (8)
-
Daniel Karrenberg -
Emile Aben -
Geert Jan de Groot -
Gil Bahat -
Jeroen van der Ham -
Mike -
Philip Homburg -
Stephane Bortzmeyer