On 10/02/14 06:10, Mikael Abrahamsson wrote:
>
> Hi,
>
> To fix a lot of the DDOS attacks going on, we need to make sure BCP38
> compliance goes up. Only way to do this I can think of, is large scale
> BCP38 testing. One way of doing this, is to have large projects such
> as OpenWRT, RIPE Atlas project, perhaps even CPE vendors, implement
> something that would spoof 1 packet per day or something to a known
> destination, and in this packet the "real" source address of the
> packet is included.

A proof of concept could be as simple as a basic BCP38 test implemented
into the OpenWRT/DD-WRT UI.

> I have been getting pushback from people that this might be "illegal".
> Could anyone please tell me what's illegal about trying to send a
> packet with a random source address?

You could reserve yourself an IP address in a subnet you own and use
that as a source IP for testing.

> If we can get consensus in the operational world that this is actually
> ok, would that help organisations to implement this kind of testing. I
> could see vendors implement a test like "help verify network stability
> and compliance, these tests are anonymous" checkbox during the initial
> install, or something like this.

In short:

. Test Client calls the BCP38 Test Server for a Token;
. Test Client sends a test packet with that token in the payload;
. Test Client calls the BCP38 Test Server with the Token and the server
  returns pass or fail, which is displayed back in the CPE UI;

While being oversimplified, BCP38.org has some perl scripts from last
year's NTP DDoS rush that actually do part of this.

If the initial proof of concept gets traction, a more complete BCP38 test
set can be implemented; there are a few projects out there that could be
approached for it.

> Why isn't this being done? Why are we complaining about 300 gigabit/s
> DDOS attacks, asking people to fix their open resolvers, NTP servers
> etc, when the actual culprit is that some networks in the world don't
> implement BCP38?

"most networks in the world"

BCP38 compliance is the exception, not the norm.

PS: About that uRPF convo, we could dump all that knowledge into, let's
say... some comprehensive wiki page maybe =D

That way when the topic arises we could just link to it.
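The three-step token exchange sketched in the reply, seen from the test server's side, as an added Python example that is not code from this thread or from the BCP38.org scripts. The class and method names, the `<token> <real source>` payload format, and the 5-second wait window are assumptions; it also adds one check the message does not mention, requiring an unspoofed control packet before it reports a pass, so that an unreachable probe port is not mistaken for working ingress filtering ("fail" means a spoofed packet got through).

```python
import secrets
import time
from dataclasses import dataclass, field
WAIT_WINDOW = 5.0  # seconds to wait for a spoofed probe before calling it filtered (assumed value)
@dataclass
class Probe:
    real_src: str               # address the client held when it asked for the token
    issued_at: float
    control_seen: bool = False  # an unspoofed packet reached the probe port
    spoofed_from: list = field(default_factory=list)  # observed sources of spoofed packets that got through
class Bcp38TestServer:
    def __init__(self, clock=time.time):  # clock is injectable so the verdict timing can be tested
        self.clock = clock
        self.tokens = {}

    def issue_token(self, requester_ip):
        """Step 1: bind a fresh random token to the requester's observed address."""
        token = secrets.token_hex(8)
        self.tokens[token] = Probe(real_src=requester_ip, issued_at=self.clock())
        return token

    def receive_probe(self, observed_src, payload):
        """Step 2: classify a datagram seen on the probe port. Payload format (assumed): b'<token> <real_src>'."""
        try:
            token, claimed_src = payload.decode().split()
        except ValueError:
            return "malformed"
        probe = self.tokens.get(token)
        if probe is None:
            return "unknown-token"
        if claimed_src != probe.real_src:
            return "token-mismatch"   # token used from a network it was not issued to
        if observed_src == probe.real_src:
            probe.control_seen = True  # proves the path works, says nothing about filtering
            return "control"
        probe.spoofed_from.append(observed_src)  # spoofed source survived: no ingress filtering upstream
        return "spoofed-arrived"

    def result(self, token, requester_ip):
        """Step 3: verdict for the client that holds the token."""
        probe = self.tokens.get(token)
        if probe is None or requester_ip != probe.real_src:
            return "unknown"
        if probe.spoofed_from:
            return "fail"           # a spoofed packet got through
        if not probe.control_seen:
            return "inconclusive"   # nothing reached us; cannot tell filtering from an unreachable port
        if self.clock() - probe.issued_at < WAIT_WINDOW:
            return "pending"
        return "pass"               # path works and no spoofed probe arrived within the window
```

A real deployment would receive `receive_probe` input from a UDP listener and serve `issue_token` and `result` over the client's normal, unspoofed connection, so the server can bind the token to the address it actually sees.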