MANRS Implementation Guide


6. Additional Information

  • deny ipv6 prefixes on ipv4 bgp sessions
  • can’t find any bogon route filtering in this document at the moment0/8, 10/8, 127/8, 172.16/12, 169.254/16, 192/24, 192.0.2/24, 192.168/16, 198.18/15,198.51.100/24, 203.0.113/24, 224/4, 240/4, I think 100.64/10 should be denied too.
  • ::/128, ::1/128, ::FFFF:0:0/96, ::<ipv4-address>/96, 100::/64, fe80::/10, fc00::/7,2001:db8::/32, 2001:10::/28, ff00::/8 (on unicast sessions)
  • BGP Security? (MD5, TCP AO)
  • Backbone / infrastructure filtering, such as PTP, loopbacks, etc.

7. Historical Background Materials

This document is built on decades of work by network and security professional around the world who have developed, deployed, and communicated techniques which allow for a more robust Internet. The following materials is an attempt to capture all the work this document is built upon.

RFC2827 aka BCP38
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
http://www.ietf.org/rfc/rfc2827.txt

SSAC004
Securing the Edge http://www.icann.org/committees/security/sac004.txt

SSAC008
DNS Distributed Denial of Service (DDoS) Attacks http://www.icann.org/committees/security/dns-ddos-advisory-31mar06.pdf

Spoofer Project https://spoofer.caida.org/

RFC3024 – Reverse Tunneling for Mobile IP, revised ftp://ftp.rfc-editor.org/in-notes/rfc3024.txt

ISOC Anti-Spoofing Page http://www.Internetsociety.org/deploy360/anti-spoofing/

“Network Hygiene Pays Off” – The Business Case for IP Source Address Verification – Joao Luis Silva Damas & Daniel Karrenberg, https://www.ripe.net/publications/docs/ripe-432

“RIPE Anti-Spoofing Task Force HOW-TO”, https://www.ripe.net/publications/docs/ripe-431

Comparative Evaluation of Spoofing Defenses – Ezra Kissel, University of Delaware and Jelena Mirkovic, USC/ISI

Understanding the Efficacy of Deployed Internet Source Address Validation Filtering – Robert Beverly MIT CSAIL, Arthur Berger MIT CSAIL, Young Hyun CAIDA, k claffy CAIDA

RFC 4948 – Report from the IAB workshop on Unwanted Traffic March 9-10, 2006

8. Acknowledgements

The main authors of this document are David Freedman, Brian Foust, Barry Greene, Ben Maddison, Andrei Robachevsky, Job Snijders and Sander Steffann. We also thank Will van Gulik, Jakob Heitz and Aris Lambrianidis, Kevin Meynell and Massimiliano Stucchi for their review and contributions to this document.