nanog mailing list archives

Re: BCP38.info


From: Andrei Robachevsky <robachevsky () isoc org>
Date: Wed, 29 Jan 2014 11:11:00 +0100

Jared Mauch wrote on 1/28/14 10:11 PM:
192.168.0.1 has a rule that says send UDP/53 packets I process to 172.16.0.1. Since I'm "outside" its "NAT", the
rule ends up taking the source IP, which isn't part of its "NAT" set, and ends up copying my "source" IP into the
packet, then forwards it to the DNS server.

This is really broken. Do you have any idea as to why such a rule is
implemented? I also heard that some CPE implement exactly the same logic
if one spoofs the src IP inside their NAT. I think that the Spoofer project
discards tests from inside the NAT, but maybe they track such cases?

Andrei

