In message <1232561124.6369.187.ca...@d410-heron>, "Niall O'Reilly" writes: > On Wed, 2009-01-21 at 12:44 +1100, Mark Andrews wrote: > > You should talk to your ISP to chase the traffic back to > > its source and get BCP 38 implemented there. BCP 38 is ~10 > > years old now. There is no excuse for not filtering spoofed > > traffic. > > Absolutely. > > Putting myself at the other end of the telescope, I'm wondering > what tools (if any) are available for verifying that the ingress > filtering actually in place is indeed compliant with BCP 38. > > I try to be conscientious, but drawing valid conclusions from > visual inspection of the ACLs is already a challenge for my > domestic network (3 LANs and an upstream). Enterprise (even > with only one upstream) or ISP networks are likely more > difficult to verify. > > Pointers for my next RTFM binge are welcome. Further discussion > is probably off-topic for the bind-users list. > > /Niall
One way to test is to have a test box that sends spoofed traffic to a machine you control. You should be able to detect acl or other hits. Checking the acls regularly is also a way to detect compromised machines that could be used for a different badness. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: mark_andr...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users