BCP 38
E35280
BCP 38 is an Internet Engineering Task Force (IETF) Best Current Practice that recommends network ingress filtering to prevent IP address spoofing and reduce the impact of denial-of-service attacks.
Statements (39)
| Predicate | Object |
|---|---|
| instanceOf |
IETF Best Current Practice
→
network security recommendation → |
| abbreviationFor |
Best Current Practice 38
→
|
| addressesProblem |
IP source address spoofing
→
distributed denial-of-service attacks → reflection and amplification attacks → |
| aimsTo |
increase accountability of traffic sources
→
reduce abuse of spoofed addresses in attacks → |
| appliesTo |
Internet service providers
→
edge networks → network operators → |
| associatedWith |
IETF
→
|
| category |
Internet standardization document
→
|
| documentSeries |
Best Current Practice (BCP)
→
|
| encourages |
deployment of ingress filters at network boundaries
→
|
| focusesOn |
ingress filtering of IP packets
→
|
| governedBy |
IETF standards process
→
|
| hasAudience |
ISPs
→
network engineers → security engineers → |
| hasFullName |
Best Current Practice 38
→
|
| intendedEffect |
improve overall Internet security posture
→
limit propagation of spoofed traffic across the Internet → |
| primaryGoal |
prevent IP address spoofing
→
reduce impact of denial-of-service attacks → |
| publishedBy |
Internet Engineering Task Force
→
|
| recommends |
network ingress filtering
→
|
| relatedConcept |
DDoS protection
→
Internet infrastructure security → anti-spoofing filters → source address validation → |
| requires |
dropping traffic with invalid source prefixes
→
filtering packets with spoofed source addresses → |
| securityDomain |
DDoS mitigation
→
Internet routing security → source address validation → |
| status |
active Best Current Practice
→
|
| targetLayer |
network layer
→
|
| usesProtocol |
IP
→
|
Referenced by (1)
| Subject (surface form when different) | Predicate |
|---|---|
|
Best Current Practice
→
|
hasExample |