Hi Everyone,
I am currently writing a little thesis about DDoS mitigations and would like to pickup an old topic: BCP38 While searching in the caves of the Swinog archive I didn't found much information in the past about this subject. Only a unanswered Mail-Post from 2014 from Jeroen Massar [1]
I would like to know how spoofable Switzerland's ISP/Netowrks are. It would be very nice if some of you Swinogers would participate in my survey.
The anonymous poll form "BCP38 deployment in Switzerland" can be found under: http://goo.gl/forms/BO3Fqt9S1U
You can also reply to this thread with your personal opinion.
On request I can deliver a summary of my my survey.
Thanks for participating!
Stef
[1] http://lists.swinog.ch/public/swinog/2014-February/006040.html
On 2016-03-09 08:38, Grosser Stefan wrote:
Hi Everyone,
I am currently writing a little thesis about DDoS mitigations and would like to pickup an old topic: BCP38 While searching in the caves of the Swinog archive I didn't found much information in the past about this subject. Only a unanswered Mail-Post from 2014 from Jeroen Massar [1]
I would like to know how spoofable Switzerland's ISP/Netowrks are. It would be very nice if some of you Swinogers would participate in my survey.
VERY spoofable.
Which is why nobody really dares to talk about it likely as it is a huge infrastructure problem that ISPs do not want to invest in to resolve.
Noting that some hardware does not allow an ISP to do proper BCP38 either (even though people have been whining at Cisco and the likes for about a decade), but it is ridiculous that the edge does not filter simply on source prefixes.
The bigger problem than hardware is simply that many ISPs do not understand why BCP38/SAVE is important to implement.
but you are in luck, CAIDA recently took over the Spoofer project with a grant from the US government. And they are nicely going to publish and name and shame spoofable networks, please see:
http://blog.caida.org/best_available_data/2015/05/28/caida-takes-over-stewar...
and the main website http://spoofer.caida.org/
I suggest you contact KC Claffy for details about Switzerland ;)
Oh and yes: Dear ISPs: FIX YOUR ***** NETWORK!
As soon you'll be in the newspapers that you allow spoofed mostly untraceable DDoS from your networks to other networks, that will have a nice PR effect for you... (apparently both Heise and even the NZZ where really where interested in the data :)
For those ISPs that are willing to fix things, pleae check: https://www.routingmanifesto.org/manrs/
where on the Participant list you will only find SwissCom: https://www.routingmanifesto.org/participants/
Unfortunately they do not enforce that to other ISPs (and afaik not all of their network actually really complies with it...), it would be great if networks actually followed the full set of MANRS...
Greets, Jeroen
On 03/09/2016 09:19 AM, Jeroen Massar wrote:
On 2016-03-09 08:38, Grosser Stefan wrote:
Hi Everyone,
....
I would like to know how spoofable Switzerland's ISP/Netowrks are. It would be very nice if some of you Swinogers would participate in my survey.
VERY spoofable.
Which is why nobody really dares to talk about it likely as it is a huge infrastructure problem that ISPs do not want to invest in to resolve.
Noting that some hardware does not allow an ISP to do proper BCP38 either (even though people have been whining at Cisco and the likes for about a decade), but it is ridiculous that the edge does not filter simply on source prefixes.
The bigger problem than hardware is simply that many ISPs do not understand why BCP38/SAVE is important to implement.
Thank your for your feedback. As expected I didn't get much responses to my survey. I have to assume many would hit the " No, and I don't care"-radio button answer... :/
But: it's not too late to answer the survey: http://goo.gl/forms/Od94HExA1d
but you are in luck, CAIDA recently took over the Spoofer project with a grant from the US government. And they are nicely going to publish and name and shame spoofable networks, please see:
http://blog.caida.org/best_available_data/2015/05/28/caida-takes-over-stewar...
and the main website http://spoofer.caida.org/
I suggest you contact KC Claffy for details about Switzerland ;)
I was already in touch with KC Claffy and Robert Beverly - nice guys! I linked their project at the end of my survey - I hoped somebody will run their tool to submit some statistics.
Have a nice week!
Stefan
-
Grosser Stefan -
Jeroen Massar