[151705] in North American Network Operators' Group
Re: BCP38 Deployment
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Wed Mar 28 23:44:02 2012
To: Leo Bicknell <bicknell@ufp.org>
In-Reply-To: Your message of "Wed, 28 Mar 2012 13:36:49 -0700."
<20120328203649.GA52866@ussenterprise.ufp.org>
From: Valdis.Kletnieks@vt.edu
Date: Wed, 28 Mar 2012 23:42:57 -0400
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1332992577_59750P
Content-Type: text/plain; charset=us-ascii
On Wed, 28 Mar 2012 13:36:49 -0700, Leo Bicknell said:
> I think some engineers need to ask some interesting questions, like
> how, in a box doing NAT to an outside IP, does it ever emit a packet
> not from that outside IP? The fact that you can spoof packets
> through some of the NAT implementations out there is mind-blowing
> to me.
The mind-blowing part for me: Look at the MIT spoofing website, at
what percent of the net's address space is spoofable. Then consider
what percent of the net is behind a NAT (either consumer grade,
or enterprise NAT).
http://spoofer.csail.mit.edu/summary.php
They're reporting that 20% or so (eyeballing) is unable to spoof due
to a NAT. From that, and a guess of what % is *really* behind a NAT,
we can make an estimate of how common this failure mode is.
--==_Exmh_1332992577_59750P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iQIVAwUBT3PaQQdmEQWDXROgAQKRuBAArhPiKB322rvU9qgh/E4vMYArUa4v+fGk
v0V+BeTbQwgKR+f4Wb9a2U7EECOl31V7C6zid/igOwUSV6oUTms5TPZ/8/wJ9ewB
J5xvKdW1skfHS/dFEN5xTiJBAWN3ziQi44/F8w/WDvBnatwGZSKCPltkFkCgCQPQ
lnfcCGmvHaKU+jEuIC/+nBebUeM5efgniN1K5Cli7lOT+t/+si8JnijrXBPVbSJm
u1c1hsQEyxm0WQffDXSErOG+RamakgNvANKoHuTtHsGTxi+rM/0ByH+Bv+N62Fpa
PTPM8miBGIWkrkfHepY6DYw1fuUlzNUjzpKHSPRLEw0LKXWX8hV6tYl/Nwdi8xUB
1p5Utcd8WaN5yI3UpJeSWwp6Q6prBQEy1FuqlOtNPHcTpXJUJkXpVn/MN9KszYPe
aucG2cQuKXItfbT6jZK8qYWDhKKAOAz+uV1EpghkyGT6a3tUCDfVPFTDUckO10xA
D2qSNzMVcJ79a+D5JFCAxkEaoCzI8V1S2sl3zTCYD4P3At4yI/tIRH/tC46RAgzL
dUjO+x2LUh0dchklrpURqGvV965ELWeUO55PGHjS6CA6PMueVMnaRWsH2WtsEnjK
+yPQjCVrTa8o8f2LX9LkdBMBPbCUTPmQMeK2IGb2k+HYLDjHWAhUR5r+er7mXGEI
IVSZIu/0CxI=
=0AZJ
-----END PGP SIGNATURE-----
--==_Exmh_1332992577_59750P--
