• Skip to primary navigation
  • Skip to main content
MANRS

MANRS

Mutually Agreed Norms for Routing Security

  • Home
  • About
    • About MANRS
    • History
    • Partners
    • Advisory Group
      • Description and Role
      • Members
    • Testimonials
    • Contact Us
  • Programmes
    • Network Operators
      • Network Operators Programme and Actions
      • Implementation Guide
      • Participants
      • Join MANRS
    • IXPs
      • IXP Programme and Actions
      • Participants
      • Join IXP Programme
    • CDN and Cloud Providers
      • CDN and Cloud Providers Programme and Actions
      • Participants
      • Join the Programme
  • MANRS Ambassadors
  • Resources
    • All Resources
      • Implementation Guide
      • Papers
    • Training
      • Workshops
      • Tutorials
    • Promote MANRS
  • Observatory
  • Blog
  • Join

Additional Information

You are here: Home / MANRS for Network Operators / MANRS Implementation Guide – Online Version / Additional Information

MANRS Implementation Guide

  • Introduction
  • Coordination
  • Global Validation
  • Anti-Spoofing
  • Filtering
  • Summary and checklists
  • Additional information

6. Additional Information

  • deny ipv6 prefixes on ipv4 bgp sessions
  • can’t find any bogon route filtering in this document at the moment0/8, 10/8, 127/8, 172.16/12, 169.254/16, 192/24, 192.0.2/24, 192.168/16, 198.18/15,198.51.100/24, 203.0.113/24, 224/4, 240/4, I think 100.64/10 should be denied too.
  • ::/128, ::1/128, ::FFFF:0:0/96, ::<ipv4-address>/96, 100::/64, fe80::/10, fc00::/7,2001:db8::/32, 2001:10::/28, ff00::/8 (on unicast sessions)
  • BGP Security? (MD5, TCP AO)
  • Backbone / infrastructure filtering, such as PTP, loopbacks, etc.

7. Historical Background Materials

This document is built on decades of work by network and security professional around the world who have developed, deployed, and communicated techniques which allow for a more robust Internet. The following materials is an attempt to capture all the work this document is built upon.

RFC2827 aka BCP38
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
http://www.ietf.org/rfc/rfc2827.txt

SSAC004
Securing the Edge http://www.icann.org/committees/security/sac004.txt

SSAC008
DNS Distributed Denial of Service (DDoS) Attacks http://www.icann.org/committees/security/dns-ddos-advisory-31mar06.pdf

Spoofer Project https://spoofer.caida.org/

RFC3024 – Reverse Tunneling for Mobile IP, revised ftp://ftp.rfc-editor.org/in-notes/rfc3024.txt

ISOC Anti-Spoofing Page http://www.Internetsociety.org/deploy360/anti-spoofing/

“Network Hygiene Pays Off” – The Business Case for IP Source Address Verification – Joao Luis Silva Damas & Daniel Karrenberg, https://www.ripe.net/publications/docs/ripe-432

“RIPE Anti-Spoofing Task Force HOW-TO”, https://www.ripe.net/publications/docs/ripe-431

Comparative Evaluation of Spoofing Defenses – Ezra Kissel, University of Delaware and Jelena Mirkovic, USC/ISI

Understanding the Efficacy of Deployed Internet Source Address Validation Filtering – Robert Beverly MIT CSAIL, Arthur Berger MIT CSAIL, Young Hyun CAIDA, k claffy CAIDA

RFC 4948 – Report from the IAB workshop on Unwanted Traffic March 9-10, 2006

8. Acknowledgements

The main authors of this document are David Freedman, Brian Foust, Barry Greene, Ben Maddison, Andrei Robachevsky, Job Snijders and Sander Steffann. We also thank Will van Gulik, Jakob Heitz and Aris Lambrianidis, Kevin Meynell and Massimiliano Stucchi for their review and contributions to this document.

← PREVIOUS SECTION: Summary and Checklists
MANRS logo
Join MANRS
  • Sharing Our Content
  • Terms of Use
  • Privacy Policy
  • Contact
Follow us: Follow MANRS on Twitter Follow MANRS on Facebook Follow MANRS on LinkedIn Follow MANRS on YouTube

MANRS Document © 2016–2021