[nsp-sec] creative lying
Smith, Donald
Donald.Smith at qwest.com
Tue Sep 2 15:09:00 EDT 2008
No problem at all except who owns/manages the CPE (customer provided
equipment) and what is their payout for doing this?
I agree its a good idea how do we get our customers to perform that
filtering?
In many cases the guy setting up an enterprises router has never heard
of cymru or seen cisco's security blue prints or read a juniper manual
about security. They simply want to router to work and once it begins
working they leave it alone.
Security through obscurity WORKS against some worms and ssh attacks:)
Donald.Smith at qwest.com giac
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Alfredo Sola
> Sent: Tuesday, September 02, 2008 11:48 AM
> To: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] creative lying
>
> ----------- nsp-security Confidential --------
>
>
> > thing works at all because so few people use/deploy/maintain BCP-38
> > compliance. This was an eye-opener for me.
>
> >
> http://www.caida.org/workshops/wide/0808/slides/measuring_reve
> rse_paths.pdf
>
> I've been wondering for years, what is so complicated
> about not letting
> spoofed packets out of CPE routers? Even at an aggregation level my
> experience is that it creates no issues at all, and it does
> eliminate a
> source of potential (but all too often very real) trouble. Plus, it's
> not anything even remotely complicated to deploy; in Cisco-land, it's
> one sentence per interface - easily added to a template (such as Team
> Cymru's excellent reference secure templates, which do have it).
>
> Perhaps this one is for -discuss.
>
> --
> Alfredo Sola
> ASP5-RIPE
> http://alfredo.sola.es/
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
>
>
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
More information about the nsp-security
mailing list