[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[c-nsp] DNS amplification

On Sun, 17 Mar 2013, Arturo Servin wrote:

> 	Now, how widely is deployed?
> 	Someone said in the IEPG session during the IETF86 that 80% of the
> service providers had done it?
> 	This raises two questions for me. One, is it really 80%, how to measure it?
> 	Second, if it were 80%, how come the 20% makes so much trouble and how
> to encourage it to deploy BCP38?

You'd have to get access (cloud VM, dedicated server, etc.) on each 
network and see if you can successfully get spoofed packets out to 
another network.

I seriously doubt those numbers though.  I'd bet it's more like 80% of 
service providers are too embarrassed to admit they're not doing BCP38 
filtering (or don't know what it is), and 20% are doing it on at least 
some parts of their network.

  Jon Lewis, MCP :)           |  I route
                              |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________