[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OpenNTPProject.org

Subject: OpenNTPProject.org
From: rdobbins at arbor.net (Dobbins, Roland)
Date: Thu, 16 Jan 2014 14:30:35 +0000
In-reply-to: <[email protected]>
References: <[email protected]> <CAAf7UomfGfm99w1hav67dPcaYp8Ote4ex-ncdbHKTb__yO6FPQ@mail.gmail.com> <[email protected]> <[email protected]> <CABSP1Oct6JTfjp2Gk7G1LqPMUms49nQHJ3z6gMM1Nxx9CG76OA@mail.gmail.com> <[email protected]>

On Jan 15, 2014, at 12:05 AM, Saku Ytti <saku at ytti.fi> wrote:

> (We do BCP38 on all ports and verify programmatically, but I know it's not at all practical solution globally for access).

Anti-spoofing is eminently practical for most types of access network topologies using even slightly modern equipment; uRPF, ACLs, cable IP source verify, DHCP Snooping (which works just fine with fixed-address hosts), PACLs/VACLs, et. al. are some of the more prevalent mechanisms available.

In point of fact, anti-spoofing is most useful and most practical at the access-network edge, or as close to it as possible.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

Follow-Ups:
- OpenNTPProject.org
  - From: saku at ytti.fi (Saku Ytti)

References:
- OpenNTPProject.org
  - From: Derek.Andrew at usask.ca (Derek Andrew)
- OpenNTPProject.org
  - From: bzeeb-lists at lists.zabbadoz.net (Bjoern A. Zeeb)
- OpenNTPProject.org
  - From: saku at ytti.fi (Saku Ytti)
- OpenNTPProject.org
  - From: damian at google.com (Damian Menscher)
- OpenNTPProject.org
  - From: saku at ytti.fi (Saku Ytti)

Prev by Date: OpenNTPProject.org
Next by Date: Internet Routing Registries - RADb, etc
Previous by thread: OpenNTPProject.org
Next by thread: OpenNTPProject.org
Index(es):
- Date
- Thread