Skip to Content.
Sympa Menu

netsec-sig - Re: [Security-WG] I2 - Anti-Spoofing/uRPF discussion summary from Technology Exchange

Subject: Internet2 Network Security SIG

List archive

Re: [Security-WG] I2 - Anti-Spoofing/uRPF discussion summary from Technology Exchange


Chronological Thread 
  • From: Michael H Lambert <>
  • To: "" <>
  • Cc:
  • Subject: Re: [Security-WG] I2 - Anti-Spoofing/uRPF discussion summary from Technology Exchange
  • Date: Mon, 6 Nov 2017 11:17:44 -0500
  • Dkim-filter: OpenDKIM Filter v2.11.0 mailer1.psc.edu vA6GHeQl018027
  • Ironport-phdr: 9a23:c8sAHhRzkBCbYnGXZD6LtP0s89psv+yvbD5Q0YIujvd0So/mwa6yYBeN2/xhgRfzUJnB7Loc0qyN4vCmATRIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSijewZbB/IA+qoQnNq8IbnZZsJqEtxxXTv3BGYf5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM30u683wqRbDVwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xymp4qF2QxHqlSgHLSY0/33YhcJtjKxUohyvqRN8zY7afo+bM+Fzfr/EfdMfWWZBXtpdWzJHD4ihb4UPFe0BPeNAoof6plsBsRu+ChOyC+Pr1zRGhGL906sg3OQkCg7JwhYgH84Tu3nTqNX6LqISXvurw6nS0TXOdOtW2Szh54TSbB8uvOyMUKt2fMHMykcvDxvIgkiOpYHmJT+Zy+cAv3aB4+dgVu+jkXMrpx1trjS328sglIrEipgIxl3H6yl12ps5KNykREJhf9KoDZlduieHPIVsWMwiWXtnuCMix70Gp5G7eC8KxYwixxHFavyHd5aH4gj+WOqLOTd4n25qdKihiBmv7Eis0uz8Vs+q31ZWtidJj8fAu3MX2xDO6cWLVOFx80ei1DqVygzf9v1ILVgxlaXBKp4hxrAwloAUsUTGBiL2nF/5jKqNeUo64Oio9//qYq39ppCALYN7lBzxMrk2lsylHes4KhQOX3Sc+emkz73s41H2QKhQjv03jqnYsInWJMoUpqOiBw9V050j6wqkDzu4ytgYnH8HLE5bdxKdiYjmJU3OLO7iAfihnlusjS9hx+raMb35HpXNMn/Dna/nfbZh8UFT1BIzws5B6JJOC7EBJv3zV1T1tNzZFR85Lxe0z/j9BNV80IMeRXyAArWfMKzMrV+E+PgjLPeRa48I637BLK1v4eLnhmc0lEUce6aB3J0LZWq+E+g8ZUiVfDCk1tEdGGwSswckTerloFyETTNJYXuuBeQx6ixtW6y8CoKWY4GmgLWM2G+bVrlfY2pLEEzERXPhco+JQeskcDmZZMJtj2pXBvCaV4Y92ET250fBwL19I7+M9w==

> On 6 Nov 2017, at 10:54, David Farmer
> <>
> wrote:
>
> So a question, how do we communicate this going forward as we interact with
> more and more people? I'm worried some will just see this as an effort to
> apply a traffic security policy on the Internet2 backbone.

I think the primary targets/victims/beneficiaries of this process should be
the connectors. To me, it makes much more sense for them to be filtering
their members on ingress, especially since BCP38 does tend to crop up in
various NSF solicitations. If Internet2 does the filtering, it can hide
these downstream issues. It is appropriate for Internet2 to identify
"offending" traffic, but once it has been identified, the connector should be
encouraged/cajoled/shamed to fix the problem.

International peers are another matter. One would hope that they would have
similar policies.

Michael




Archive powered by MHonArc 2.6.19.

Top of Page