nanog mailing list archives
Re: BCP38.info
From: Jared Mauch <jared () puck nether net>
Date: Tue, 28 Jan 2014 15:03:45 -0500
On Jan 28, 2014, at 2:57 PM, Nick Olsen <nick () flhsi com> wrote:
Agreed. Our's listed for AS36295 are two customers, Which I know for a fact have their default route set out of a GRE tunnel interface. So while we hand them the request to their interface IP we've assigned them. The response is actually sent, And transported via the customers GRE Tunnel, And HQ's Dedicated internet access where their tunneling to. Making it appear that the reply has been spoofed. When in reality. it was just silent transported to another area before being sent to the src.
Sure, but this means that network is allowing the spoofing :) What I did last night was automated comparing the source ASN to the dest ASN mapped to and reported both the IP + ASN on a single line for those that were interested. I'm seeing a lot of other email related to BCP-38 right now on another list, but I wanted to share some data (again) in public regarding the state of network spoofing out there. I'd rather share some data and how others can observe this to determine how we can approach a fix. Someone spoofing your IP address out some other carrier is something you may be interested to know about, even if you have a non-spoofing network. - jared
Current thread:
- Re: BCP38.info, (continued)
- Re: BCP38.info Jay Ashworth (Jan 26)
- Re: BCP38.info Jared Mauch (Jan 28)
- Re: BCP38.info TGLASSEY (Jan 28)
- Re: BCP38.info Valdis . Kletnieks (Jan 28)
- Re: BCP38.info Jared Mauch (Jan 28)
- Re: BCP38.info David Miller (Jan 28)
- Re: BCP38.info Stephen Frost (Jan 28)
- Re: BCP38.info Jared Mauch (Jan 28)
- Re: BCP38.info Jared Mauch (Jan 28)
- Re: BCP38.info Jay Ashworth (Jan 26)
- Re: BCP38.info Jared Mauch (Jan 28)
- Re: BCP38.info Andrei Robachevsky (Jan 29)
- Re: BCP38.info Jared Mauch (Jan 28)
- Re: BCP38.info Mark Andrews (Jan 28)
- Re: BCP38.info Andrei Robachevsky (Jan 29)
- Re: BCP38.info TGLASSEY (Jan 28)