On Wed, Mar 01, 2017 at 11:22:44AM +0100, Jeroen Massar wrote:
On 2017-03-01 09:58, Franziska Lichtblau wrote:
we are a team of researchers from TU Berlin [1] working on a measurement project to assess the ramifications of traffic with spoofed source IP addresses in the Internet.
To better understand the operational challenges that you as network operators face when deploying (or not deploying) source IP address filtering techniques, we'd like to invite you to participate in our survey.
If you could spare 5 minutes of your time, we'd be delighted if you could fill out our survey form and tell us about your current practices regarding network filtering.
To participate, please visit: [2] http://filteringsurvey.inet.tu-berlin.de/
You are missing the option for:
"hardware does not support it at line rate"
Which is the most important excuse by the larger networks to not enable BCP38/SAVE[1]/MANRS[2].
Good point! I hope people suffering from that will tell us that with the open option, but you're right we should have considered that.
Most smaller shops, where the traffic conditions fit inside the hardware budget, just do not care enough unfortunately...
That was my feeling.
Oh, and indeed, Switzerland is a bad place for BCP38, most networks allow spoofing on both IPv4 and IPv6.
Which is "kinda good" for me cause only answers from people who are implementing all of that won't help us much understanding whats going on ;)
Thank you! Franziska