[164900] in North American Network Operators' Group
Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Aug 8 13:54:30 2013
To: Blake Dunlap <ikiris@gmail.com>
In-Reply-To: Your message of "Thu, 08 Aug 2013 12:46:10 -0500."
<CAJvB4tnOgsHm+_03QkfW=Xw+w5gRfeN=qDTTa3DxST6EisH+Rg@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 08 Aug 2013 13:52:42 -0400
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, 08 Aug 2013 12:46:10 -0500, Blake Dunlap said:
> I noticed that two of my ASNs are on that list for example with low
> numbers. I can't fathom how as at least one of them has uRPF implemented on
> any actual interfaces and no downstreams/peers.
Most likely, you have places where one host in a /24 or /28 can spoof
a packet claiming to be another host in the same subnet, and have the
spoofed packet escape into the outside world. There's really no way to
stop that unless you get *really* fascist with your edge-host facing
routers/switches.
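
The point made in the reply above, as an added example that is not part of the original message: a small model of a strict uRPF check on a router interface next to a per-access-port source binding check. The prefixes, interface names, port names and bindings are constructed for illustration.

```python
import ipaddress

# Constructed topology (documentation prefixes); interface/port names are hypothetical.
FIB = {
    "192.0.2.0/24": "lan1",
    "198.51.100.0/28": "lan2",
    "0.0.0.0/0": "upstream",
}
# Per-access-port bindings, as a switch could hold from DHCP snooping or static config.
BINDINGS = {
    ("lan1", "port3"): "192.0.2.10",
    ("lan1", "port4"): "192.0.2.77",
    ("lan2", "port1"): "198.51.100.5",
}

def urpf_strict(src, in_iface):
    """Strict uRPF: accept only if the best route back to src points out in_iface."""
    addr = ipaddress.ip_address(src)
    matches = [ipaddress.ip_network(p) for p in FIB if addr in ipaddress.ip_network(p)]
    best = max(matches, key=lambda n: n.prefixlen)  # longest-prefix match
    return FIB[str(best)] == in_iface

def port_binding_ok(src, in_iface, port):
    """Per-port source check: the address must be the one bound to this port."""
    return BINDINGS.get((in_iface, port)) == src

def verdict(src, in_iface, port):
    """Report which control, if any, would drop the packet."""
    if not urpf_strict(src, in_iface):
        return "dropped by uRPF"
    if not port_binding_ok(src, in_iface, port):
        return "passes uRPF, dropped only by per-port binding"
    return "forwarded"

# Constructed packets, all sent by the host on lan1/port3 (real address 192.0.2.10).
SAMPLES = {
    "honest source": ("192.0.2.10", "lan1", "port3"),
    "neighbour's address, same /24": ("192.0.2.77", "lan1", "port3"),
    "address from another network": ("203.0.113.9", "lan1", "port3"),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:32} -> {verdict(*pkt)}")
```

The second sample is the case the reply describes: the route back to the claimed source still points at the arrival interface, so uRPF has nothing to object to.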