Home page logo
/

nanog logo nanog mailing list archives

Re: BCP38 tester?
From: Jay Ashworth <jra () baylink com>
Date: Tue, 2 Apr 2013 10:37:22 -0400 (EDT)

----- Original Message -----
From: "Jimmy Hess" <mysidia () gmail com>

On 4/1/13, Jay Ashworth <jra () baylink com> wrote:
It would just be way too much luck and convenience for that to
happen
by coincidence.

Once in a while, you win.

The trouble with winning by coincidence or winning as a side-effect...
Do you keep winning?

Depends on how you won.

What happens with IPv6 CPE devices, when there is no NAT?

Well, that's going to be an interesting question in general: 
will v6 edge routers a) exist, b) handle the addressing, c) handle
DHCP, d) actually not do NAT, or e) NAT a v4 home network to a v6
address/network?

No translation occurs, so possibly rogue source IP packets get
through, unless the device specifically applies uRPF or clamping
source addresses to the LAN interface subnet.

It would be nice if the RFCs specified Ingress filtering by default in
router requirements for IPv4 and IPv6, as a MUST requirement; instead
of some 2nd class citizen, optional best practices document.

Nah.  That's *not* ingress filtering, for all practical purposes; it's 
*egress* filtering -- filtering that's under control of the network 
operating entity, and thus semi-useless for the purposes at hand.

(On re-reading that, I see I'm not entirely clear: any filtering has to
be done on the upsptream end of the link, so that it is *not* in control
of the entity which might be originating the bad packets; John Carmack
illustrated why in his piece about Quake cheating.  What; you haven't 
read that piece?  And you run networks?  :-)

Cheers,
-- jra

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra () baylink com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]