ntacpeering - Re: [Security-WG] I2 - Anti-Spoofing/uRPF discussion summary from Technology Exchange
Subject: NTAC Peering Working Group
List archive
Re: [Security-WG] I2 - Anti-Spoofing/uRPF discussion summary from Technology Exchange
Chronological Thread
- From: John Kristoff <>
- To: gcbrowni <>
- Cc: "" <>, "" <>
- Subject: Re: [Security-WG] I2 - Anti-Spoofing/uRPF discussion summary from Technology Exchange
- Date: Mon, 6 Nov 2017 09:18:42 -0600
- Ironport-phdr: 9a23:JbEN/hPOvw0uPOH54B4l6mtUPXoX/o7sNwtQ0KIMzox0I/zyrarrMEGX3/hxlliBBdydsKMUzbKO+4nbGkU4qa6bt34DdJEeHzQksu4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2aFLduGC94iAPERvjKwV1Ov71GonPhMiryuy+4ZPebgFLiTanfb9+MAi9oBnMuMURnYZsMLs6xAHTontPdeRWxGdoKkyWkh3h+Mq+/4Nt/jpJtf45+MFOTav1f6IjTbxFFzsmKHw65NfqtRbYUwSC4GYXX3gMnRpJBwjF6wz6Xov0vyDnuOdxxDWWMMvrRr0yRD+s7bpkSAXwhSkJNzA37nzZhM9yg6JVuhKuqABwzYHPbYGJLfpzZL/Rcc8GSWdDWMtaSixPApm7b4sKF+cPOeFYr4n7p1ATqBW+HwisBPjzyj9PiH/207Ax3uMjEQHa3wwtBM8Bv2rMrNrvKacSVfq5w7fVwjXedv5b3yr25ovQch05v/2BXKx8fdbUxEUzEg7JkEucpIz5Mz6QyOgBrnWX4uplWO2zl2IosQN8rz2yysovhInEhocYxUvY+ipj3Yo4IMa3R1R/bNK6FpZbqjuUOJFsQsw4RmFloCY6xaMCuZ68ZCUF0pQnyATFa/yfaYSI4xXjVPyNLjtimX1qZqq/iAyv8Uik0OHzSNS70EtSoipElNnDqGwN2gTN5sWGVPdx4kKs1SqK2gzN9O1JIVw4mK/FJ5I837I9lp8evljfEiDsmkj7ibKae0Yq+uWo7unoeanpqYWBO4JxkQ7xKKAjltKnDeQ9KAcOXmyb+eqm1L3k+E30WLdKjuE1kqTCrZ/VO9wbqbSkAw9RyIos9QuwDyq+3NQCgXYHNE5FeA6Aj4XxPVHOPOr3Auung1uyjjhr3fHGPrvuApjWKnjDkazhfapm60JC0gYzzNZf545KBbEbJvL8RFPxuMLCAhAnLgO03v7tCM9h2YMGRWKPHqiZPbvJsVCW+u0vPvOMZI4JuDf9MvQk6fHugGQ9mV8cZqmpwYAXZG6iEvRnJUWZfWTjgs0HEWgUogoyUvbmh0OfXj5OND6OWPcz7TshD52gDM+XSYunmrue2iaTEZlRbGlCDFeHV3b1MYiIRqFfUi+KJt5dlWkGSbuJQo8ozwnotQjgwPxrI/Ld5yleuJ7+h/Zv4OiGtxYy83RXFcWGz2aDQSkgnH8LbzM7xKlipQpwxkrVgvswuOBRCdEGv6ABaQw9L5OJl+E=
On Mon, 6 Nov 2017 14:32:44 +0000
gcbrowni
<>
wrote:
> Let me know if you think anything is missing; I’m interesting in
> making sure we capture the thinking of the working groups.
Sorry I was absent from this discussion, but let me add something that
some in the Internet research community might raise.
> Recently a trial filter was implemented on the Internet2 Ashburn
> router. The edge filter implements an anti-spoofing filter for
> internal Internet2 addresses. The goal is to reject inbound traffic
> using Internet2 source-IP’s that are sourced outside of Internet2.
This is probably a good compromise.
Traceroute in various forms have been widely used for measuring and
discovering Internet infrastructure. One technique that was used at
least as far back as Bill Cheswick's early Internet map production days
was to spoof the source address of traceroute messages from multiple
sources so responses all went back to a central collector. This helps
not only for collection, but also helps identify paths, links, and
interfaces from different vantage points.
This technique has been adapted over the years and just last week was
brought up again at the Internet Measurement Conference as a valid and
useful way researchers use to measure and understand the Internet.
It would be nice, if possible, to allow this sort of activity. It
should be feasible without too much trouble to allow pinholes from the
edge networks where this can be carefully scoped to legitimate research
projects.
Researchers may want it opened even further than the experimental
filters above, but what you've done seems like an appropriate compromise
to me.
Happy to make introductions to the researchers if desirable. They may
have more to say about their needs and wants.
John
- Re: [Security-WG] I2 - Anti-Spoofing/uRPF discussion summary from Technology Exchange, John Kristoff, 11/06/2017
- Re: [Security-WG] I2 - Anti-Spoofing/uRPF discussion summary from Technology Exchange, Steven Wallace, 11/06/2017
Archive powered by MHonArc 2.6.19.