From BCP38
Jump to: navigation, search

CPE stands for Customer-premises equipment. A consumer-grade or better router in your home which implements NAT can block some outbound forged attack traffic, which might be generated by malware you don't know your computers have on them, so it is still useful, even though it is egress filtering.

The following table shows a list of CPE tested with spoofing verification projects.

In the 4th and 5th columns, a green 'Ok' means that the router drops the forged traffic as it should; a red 'X' means that the traffic passes through.

Vendor Model Firmware BCP38.info Spoofer (MIT) Last Test ISP
Thomson SpeedTouch 516 Ok Ok 2013/03/31
SageMCom 2864-000000-002 FAST2864_v6740S X X 2013/03/31

Contributing to the table

If you have such a router, and are inclined to grab one or more of the testing programs listed on the projects page and tun it, please add your data here. Note that you should say where you're testing from, "Road Runner Tampa Bay" for example, in the last column. If your ISP already implements BCP38, you can't really test CPE, so you should probably run the testers on a PC connected directly to your DSL or cablemodem first*.

(* Note that if you do this, you're changing the Ethernet address which the cablemodem sees; this often requires power-cycling that modem so it will accept traffic from the new device, and again when you switch back.)

Personal tools