This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/bcop@ripe.net/
[bcop] anti-spoofing document
- Previous message (by thread): [bcop] anti-spoofing document
- Next message (by thread): [bcop] anti-spoofing document
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Benno Overeinder
benno at NLnetLabs.nl
Tue Nov 11 22:40:12 CET 2014
Hi Mikael, On 11/11/14 21:05, Mikael Abrahamsson wrote: > I keep running into people who have never heard of the excellent > document that Torbjörn Eklöv has created over time. It came out of work > to create requirements and certification for access networks, one large > reason was to assure a secure end user connection that didn't have MITM > and spoofing problems. > > The main site is here: > > http://secureenduserconnection.se/ > > Direct link to the current version of the document: > > http://secureenduserconnection.se/wp-content/uploads/2012/02/SEC-Secure-End-user-Connection-2014-05-30.pdf > > > I recommend everybody looking for information and requirements on how to > create a secure network to read this document. It's very comprehensive. Thank you for this reference to this comprehensive work. By its completeness, the document could be a basis for a number of BCOPs. For the IPv4 and IPv6 address spoofing, the documents suggests using a access filtering based on IPv4/6 address whitelist table on customer ports. For IPv6 it gives examples to build such a whitelist table, but I see in the edit history, they removed such examples for IPv4. I will check if the examples are still in previous versions of the document. Good topic for ongoing discussions now we start thinking of TCP FastOpen (https://tools.ietf.org/html/draft-ietf-tcpm-fastopen) and UDP gained new interest as an alternative to surf the web (https://ripe69.ripe.net/wp-content/uploads/presentations/166-quic.v0.1.pdf). Cheers, -- Benno -- Benno J. Overeinder NLnet Labs http://www.nlnetlabs.nl/
- Previous message (by thread): [bcop] anti-spoofing document
- Next message (by thread): [bcop] anti-spoofing document
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ BCOP Archives ]