BCP38 is not just for IPv4
Mike Jones
mike at mikejones.in
Thu Mar 28 12:01:02 CET 2013
On 28 March 2013 02:18, Merike Kaeo <merike at doubleshotsecurity.com> wrote:
> Since the Spamhouse/Cloudflare DDoS is now hitting news I figured I'd
> remind folks here that BCP38 (ingress filtering)
> http://tools.ietf.org/html/bcp38 is not just for IPv4.
>
> Check your routers for IPv4 and IPv6 uRPF configuration ability and enable
> it (after understanding difference between loose and strict uRPF modes) :)
>
> IP address spoofing is something that many have known are problematic but
> sadly it takes real attacks to make people wake up.
>
> Post mortem will determine whether any IPv6 traffic involved but there
> were IPv4 and IPv6 addresses listed on some pleas for overall filtering.
>
> Let the press mayhem begin.....I decided not to send a link to any one
> article since they all are fairly bad at the overall facts and some more
> sensationalistic than others. There will be talks at NANOGs and RIPEs and
> other operational forums that will tell the real deal. But note that
> spoofing is a very real problem and is by far the most prevalent reason
> that amplification attacks are realized.
>
> - merike
To throw a small data point out there, I have had several server/VPS
providers who all (but one) performed filtering on v4, but nearly all
forgot it with v6 (some have since done it).
- Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cluenet.de/pipermail/ipv6-ops/attachments/20130328/19f62b96/attachment.htm>
More information about the ipv6-ops
mailing list