nanog mailing list archives

Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have)

From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 11 Aug 2013 17:40:28 +0200

* Jared Mauch:

The incidence rate is too high for it to be multihomed hosts.

Let me know if you want to look at the raw data. Very interesting stuff.

Or just look for 8.8.8.8 in the openresolverproject page.


Indeed, I could verify that 5.61.0.0 can indeed spoof one of my IP
addresses to the 8.8.8.8 DNS resolver.  For a cache miss, I get a
query from a Google IP address and the 8.8.8.8 reply has a plausible
TTL, so I don't think it's spoofing the response.

Apparently, they're implementing DNS proxy by destination-NATting, and
because they listen also on the WAN interface, they get the source
address wrong.

This is quite scary.

Current thread:

Re: SNMP DDoS: the vulnerability you might not know you have bottiger (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Mark Andrews (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Saku Ytti (Jul 31)
  - Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Jared Mauch (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Matthew Petach (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Jared Mauch (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Florian Weimer (Aug 11)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Jimmy Hess (Aug 11)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Jared Mauch (Aug 11)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Florian Weimer (Aug 11)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Christopher Morrow (Aug 11)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Florian Weimer (Aug 11)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Heather Schiller (Aug 22)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Blake Dunlap (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Valdis . Kletnieks (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Jared Mauch (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Blake Dunlap (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Jared Mauch (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Blake Dunlap (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Jared Mauch (Aug 08)

(Thread continues...)