Category Archives: sav

BCP38 and Orange (Part I)

No stats on BCP-38

I sent a mail this morning to query about the status of BCP38 in Mauritius & Africa on the afnog mailing list. I could not get any statistics concerning the adoption of BCP38 in Mauritius & Africa. After discussing the matter with various and SM (of the Mauritius Internet Users), I decided to look around for tools that help to measure source address validation measures from Orange, my ISP.

What is BCP-38 ?

BCP-38 is a recommended Internet Standard that essentially aims at eliminating Source Address Spoofing. This has been the cause of a lot of trouble lately on the Internet. A few days ago, A massive DDOS attack was launched againt the DNS infrastructure of the Internet. Had BCP-38 been implemented all over the world, we would see less of those attacks. Those attacks are crippling to the Internet, as almost any service (facebook, twitter, instagram) relies on DNS to work so that users can reach them.

Orange and BCP-38

I found a nice tool known as spoofer, which is part of a University project that aims at profiling the deployment of BCP-38 across the Internet. After installing the tool, i fired it on another terminal :)
>> CAIDA IP Spoofing Tester v0.8d
>> Copyright 2015 The Regents of the University of California
>> Copyright 2004-2009 Rob Beverly

The results

After running the test for a while, It gives you a URL which gives you a summary. Quoting from my URL :
Test run at: 2015-12-14 08:41:05
Test from:
Sourced Probes: 93
Can spoof private address no
Can spoof routable address no
Largest neighbor prefix that can be spoofed none


Surprisingly, Orange(Mauritius) seems to implement BCP-38. However, It might also be my router which is filtering spoofed addresses from my machine. Tomorrow, I will use a standard modem, and later I will hook it directly. My test tomorrow might reveal some interesting issues :)