On 2013-03-31, at 10:48 AM, Jay Ashworth <j...@baylink.com> wrote: > Is there a program which users can run on an end-site workstation which > would test whether they are being some link which is doing BCP38, or some > related type of source-address ingress filtering? > > I'm hoping for something that could be downloaded by users and run, and > try to forge a few packets to somewhere useful, which could be logged > somehow in conjunction with some unforged packets containing a traceroute, > so we could build up a database of leaky networks. > > On a related topic, while I know GRC Research's Steve Gibson is a bit of > a polarizing personality, he does have a fairly sizable consumer audience, > and might be a great distribution venue for such a thing. > > Or, perhaps, is there someone on here from Ookla? > > Patrick? Could Akamai be persuaded to take an interest in this as a > research project?
From my perspective, 99% of end-users probably don't understand (or care) that their provider might be responsible for initiating or precipitating a DDoS attacks, period. Most network operators are probably either too inexperienced to understand or too lazy to care. I believe that most everyone has a CPE of some sort, whether their service is resi or commercial. So, what about shifting the focus to the CPE manufacturers? They bend to technology and/or market pressures by bringing things like NAT, Firewalls, DLNA, UPnP, IPv6 (heh), PPPoE, RFC1483, etc. to their respective products in to satisfy technology limitations or security concerns or whatever. Why can't they help the cause by implementing some sort of RFC'ified BCP38 thing?
