BCP38 is not just for IPv4

Merike Kaeo merike at doubleshotsecurity.com
Thu Mar 28 03:18:46 CET 2013


Since the Spamhouse/Cloudflare DDoS is now hitting news I figured I'd remind folks here that BCP38 (ingress filtering)
http://tools.ietf.org/html/bcp38  is not just for IPv4.

Check your routers for IPv4 and IPv6 uRPF configuration ability and enable it  (after understanding difference between loose and strict uRPF modes) :)

IP address spoofing is something that many have known are problematic but sadly it takes real attacks to make people wake up.

Post mortem will determine whether any IPv6 traffic involved but there were IPv4 and IPv6 addresses listed on some pleas for overall filtering.

Let the press mayhem begin.....I decided not to send a link to any one article since they all are fairly bad at the overall facts and some more sensationalistic than others.  There will be talks at NANOGs and RIPEs and other operational forums that will tell the real deal.  But note that spoofing is a very real problem and is by far the most prevalent reason that amplification attacks are realized.

- merike


More information about the ipv6-ops mailing list