nanog mailing list archives
Re: BCP38 Deployment
From: Valdis.Kletnieks () vt edu
Date: Wed, 28 Mar 2012 23:42:57 -0400
On Wed, 28 Mar 2012 13:36:49 -0700, Leo Bicknell said:
> I think some engineers need to ask some interesting questions, like how, in a box doing NAT to an outside IP, does it ever emit a packet not from that outside IP? The fact that you can spoof packets through some of the NAT implementations out there is mind-blowing to me.
The mind-blowing part for me: Look at the MIT spoofing website, at what percent of the net's address space is spoofable. Then consider what percent of the net is behind a NAT (either consumer grade, or enterprise NAT).

http://spoofer.csail.mit.edu/summary.php

They're reporting that 20% or so (eyeballing) is unable to spoof due to a NAT. From that, and a guess of what % is *really* behind a NAT, we can make an estimate of how common this failure mode is.