MANRS Implementation Guide

6. Additional Information

  • deny ipv6 prefixes on ipv4 bgp sessions
  • can’t find any bogon route filtering in this document at the moment0/8, 10/8, 127/8, 172.16/12, 169.254/16, 192/24, 192.0.2/24, 192.168/16, 198.18/15,198.51.100/24, 203.0.113/24, 224/4, 240/4, I think 100.64/10 should be denied too.
  • ::/128, ::1/128, ::FFFF:0:0/96, ::<ipv4-address>/96, 100::/64, fe80::/10, fc00::/7,2001:db8::/32, 2001:10::/28, ff00::/8 (on unicast sessions)
  • BGP Security? (MD5, TCP AO)
  • Backbone / infrastructure filtering, such as PTP, loopbacks, etc.

7. Historical Background Materials

This document is built on decades of work by network and security professional around the world who have developed, deployed, and communicated techniques which allow for a more robust Internet. The following materials is an attempt to capture all the work this document is built upon.

RFC2827 aka BCP38
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing

Securing the Edge

DNS Distributed Denial of Service (DDoS) Attacks

Spoofer Project

RFC3024 – Reverse Tunneling for Mobile IP, revised

ISOC Anti-Spoofing Page

“Network Hygiene Pays Off” – The Business Case for IP Source Address Verification – Joao Luis Silva Damas & Daniel Karrenberg,

“RIPE Anti-Spoofing Task Force HOW-TO”,

Comparative Evaluation of Spoofing Defenses – Ezra Kissel, University of Delaware and Jelena Mirkovic, USC/ISI

Understanding the Efficacy of Deployed Internet Source Address Validation Filtering – Robert Beverly MIT CSAIL, Arthur Berger MIT CSAIL, Young Hyun CAIDA, k claffy CAIDA

RFC 4948 – Report from the IAB workshop on Unwanted Traffic March 9-10, 2006

8. Acknowledgements

The main authors of this document are David Freedman, Brian Foust, Barry Greene, Ben Maddison, Andrei Robachevsky, Job Snijders and Sander Steffann. We also thank Will van Gulik, Jakob Heitz and Aris Lambrianidis, Kevin Meynell and Massimiliano Stucchi for their review and contributions to this document.