
netsec-sig - Re: [Security-WG] I2 - Anti-Spoofing/uRPF discussion summary from Technology Exchange

Subject: Internet2 Network Security SIG

  • From: Steven Wallace <>
  • To: "" <>, "" <>
  • Cc: gcbrowni <>
  • Subject: Re: [Security-WG] I2 - Anti-Spoofing/uRPF discussion summary from Technology Exchange
  • Date: Mon, 6 Nov 2017 10:37:28 -0500

Not comprehensive, but interesting:





On Nov 6, 2017, at 10:18 AM, John Kristoff <> wrote:

On Mon, 6 Nov 2017 14:32:44 +0000
gcbrowni <> wrote:

Let me know if you think anything is missing; I’m interested in
making sure we capture the thinking of the working groups.

Sorry I was absent from this discussion, but let me add something that
some in the Internet research community might raise.

Recently a trial filter was implemented on the Internet2 Ashburn
router. The edge filter implements an anti-spoofing filter for
internal Internet2 addresses. The goal is to reject inbound traffic
using Internet2 source IPs that are sourced outside of Internet2.

This is probably a good compromise.

Traceroute in various forms has been widely used for measuring and
discovering Internet infrastructure.  One technique that was used at
least as far back as Bill Cheswick's early Internet map production days
was to spoof the source address of traceroute messages from multiple
sources so responses all went back to a central collector.  This helps
not only for collection, but also helps identify paths, links, and
interfaces from different vantage points.

This technique has been adapted over the years and just last week was
brought up again at the Internet Measurement Conference as a valid and
useful way researchers use to measure and understand the Internet.

It would be nice, if possible, to allow this sort of activity.  It
should be feasible without too much trouble to allow pinholes from the
edge networks where this can be carefully scoped to legitimate research
projects.

Researchers may want it opened even further than the experimental
filters above, but what you've done seems like an appropriate compromise
to me.

Happy to make introductions to the researchers if desirable.  They may
have more to say about their needs and wants.

John
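
Added example, not part of the original message and not Internet2's configuration: a model of the edge decision discussed in this thread, which drops internal source addresses arriving on external ports unless a narrowly scoped research pinhole matches. The prefixes, port names, pinhole fields and project name are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values: documentation prefixes stand in for the backbone's own space.
INTERNAL_PREFIXES = [ipaddress.ip_network(p)
                     for p in ("198.51.100.0/24", "2001:db8:100::/48")]
EXTERNAL_PORTS = {"peer-a", "transit-b"}   # hypothetical edge interface names


@dataclass(frozen=True)
class Pinhole:
    port: str       # the one external interface the exception applies to
    source: str     # internal address allowed to appear as a source there
    protocol: str   # probe protocol the project uses
    project: str    # who requested it, kept for audit


# Hypothetical pinhole: one collector address, one port, one protocol.
PINHOLES = [Pinhole("peer-a", "198.51.100.7/32", "icmp", "constructed-research-project")]


def _covers(prefix, addr):
    """True when addr falls inside prefix (same IP version only)."""
    net = ipaddress.ip_network(prefix) if isinstance(prefix, str) else prefix
    return net.version == addr.version and addr in net


def decide(port, src, protocol):
    """Return (action, reason) for a packet arriving on `port`."""
    addr = ipaddress.ip_address(src)
    if port not in EXTERNAL_PORTS:
        return ("accept", "not an external edge port")
    if not any(_covers(p, addr) for p in INTERNAL_PREFIXES):
        return ("accept", "source is not internal address space")
    for ph in PINHOLES:
        if ph.port == port and ph.protocol == protocol and _covers(ph.source, addr):
            return ("accept", "pinhole: " + ph.project)
    return ("drop", "internal source address seen on external port")


if __name__ == "__main__":
    for pkt in [("peer-a", "198.51.100.7", "icmp"),      # matches the pinhole
                ("transit-b", "198.51.100.7", "icmp"),   # same source, wrong port
                ("peer-a", "2001:db8:100::1", "udp"),    # internal IPv6 source
                ("peer-a", "203.0.113.5", "udp")]:       # ordinary external source
        print(pkt, decide(*pkt))
```

Scoping each pinhole to a single port, address and protocol keeps the exception from reopening the filter for the rest of the internal space.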



