* Jared Mauch: >> On Nov 19, 2016, at 9:13 PM, Frank Bulk <[email protected]> wrote: >> >> My google fu is failing me, but I believe there was a NANOG posting a year >> or two ago that mentioned that if the top x providers would >> implement BCP 38 >> then y% of the traffic (or Internet) would be de-spoofed. The point was >> that we don't even need everyone to implement BCP 38, but if the largest >> (transit?) providers did it, then UDP reflection attacks could be >> minimized. >> >> If someone can recall the key words in that posting and dig it up, that >> would be much appreciated.
> A double lookup of the packet is twice as expensive and perhaps > impractical in some (or many) cases. Do you actually have to filter all packets? Or could you just sample a subset and police the offenders, on the assumption that if you don't implement an anti-spoofing policy, you end up with near-constant leakage?
