nanog mailing list archives

Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have)

From: Jared Mauch <jared () puck nether net>
Date: Sun, 11 Aug 2013 11:08:46 -0400

The incidence rate is too high for it to be multihomed hosts.

Let me know if you want to look at the raw data. Very interesting stuff.

Or just look for 8.8.8.8 in the openresolverproject page.

- Jared 

On Aug 11, 2013, at 8:45 AM, Florian Weimer <fw () deneb enyo de> wrote:

* Jared Mauch:

Number of unique IPs that spoofed a packet to me. (eg: I sent a
packet to 1.2.3.4 and 5.6.7.8 responded).


That's not necessarily proof of spoofing, isn't it?  The system in
question might legitimately own IP addresses from very different
networks.  If the system is a router and the service you're pinging is
not correctly implemented and it picks up the IP address of the
outgoing interface instead of the source address of the request,
that's totally expected.

I'm not saying that BCP 38 is widely implement (it's not, unless
operators have configured exceptions for ICMP traffic from private
address, which I very much doubt).  I just think you aren't actually
measuring spoofing capabilities.

Current thread:

Re: SNMP DDoS: the vulnerability you might not know you have bottiger (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Mark Andrews (Jul 31)
- Re: SNMP DDoS: the vulnerability you might not know you have Saku Ytti (Jul 31)
  - Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Jared Mauch (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Matthew Petach (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Jared Mauch (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Florian Weimer (Aug 11)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Jimmy Hess (Aug 11)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Jared Mauch (Aug 11)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Florian Weimer (Aug 11)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Christopher Morrow (Aug 11)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Florian Weimer (Aug 11)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Heather Schiller (Aug 22)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Blake Dunlap (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Valdis . Kletnieks (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Jared Mauch (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Blake Dunlap (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Jared Mauch (Aug 08)
    - Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have) Blake Dunlap (Aug 08)

(Thread continues...)