Dear WG, We have newly submitted a draft that identifies two specific situations of IP spoofing where existing anti-spoofing approaches may fail to work. Besides, we also have a section discussing how such cases could possibly be tackled.
Any thoughts or suggestions would be very welcome! BR, Yunan -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Tuesday, September 22, 2020 3:01 PM To: Guyunan <[email protected]>; Dan Li <[email protected]>; Tao Lin <[email protected]>; Lancheng Qin <[email protected]>; Jianping Wu <[email protected]> Subject: New Version Notification for draft-li-opsec-sav-gap-analysis-00.txt A new version of I-D, draft-li-opsec-sav-gap-analysis-00.txt has been successfully submitted by Yunan Gu and posted to the IETF repository. Name: draft-li-opsec-sav-gap-analysis Revision: 00 Title: Soure Address Validation: Gap Analysis Document date: 2020-09-22 Group: Individual Submission Pages: 12 URL: https://www.ietf.org/id/draft-li-opsec-sav-gap-analysis-00.txt Status: https://datatracker.ietf.org/doc/draft-li-opsec-sav-gap-analysis/ Htmlized: https://datatracker.ietf.org/doc/html/draft-li-opsec-sav-gap-analysis Htmlized: https://tools.ietf.org/html/draft-li-opsec-sav-gap-analysis-00 Abstract: This document identifies scenarios where existing IP spoofing approaches for detection and mitigation don't perform perfectly. Exsiting SAV (source address validation) approaches, either Ingress ACL filtering [RFC2827], unicast Reverse Path Forwarding (uRPF) [RFC3704], Feasible Path uRPF [RFC 3704], or Enhanced Feasible-Path uRPF [RFC8704] has limitations regarding eihter automated implemetation objective or detection accuracy objective (0% false positive and 0% false negative). This document provides the gap analysis of the exsting SAV approaches, and also provides solution discussions. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat _______________________________________________ OPSEC mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsec
