nanog mailing list archives

Re: Ingress filtering on transits, peers, and IX ports


From: Casey Deccio <casey () deccio net>
Date: Mon, 19 Oct 2020 16:45:25 -0600


On Oct 14, 2020, at 3:34 PM, Eric Kuhnke <eric.kuhnke () gmail com> wrote:

I think he means packet captures from an example, voluntarily-tested recursive nameserver subject to this attack.


Thanks.  We have updated all the report pages with a self-test tool specific to the network associated with the report.  This should allow a network admin that received our report to check whether or not the condition still exists and to perform a packet capture from whatever vantage point they want in their network.

A more general tool (i.e., for anyone to use) will be made available in the future.

Cheers,
Casey



On Wed, Oct 14, 2020 at 11:53 AM Casey Deccio <casey () deccio net> wrote:
Hi Bryan,

On Oct 14, 2020, at 12:43 PM, Bryan Holloway <bryan () shout net> wrote:

I too would like to know more about their methodology

We've written up our methodology and results in a paper that will be available in a few weeks.  Happy to post it here if folks are interested.  Obviously, no networks are individually identified; it's all aggregate.

Also, we're working on a self-test tool, but it's not quite ready yet.  Sorry.

and actual tangibles ideally in the form of PCAPs.

What do you mean by "tangibles in the form of PCAPs"?

Casey

