[164902] in North American Network Operators' Group
Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not
daemon@ATHENA.MIT.EDU (Jared Mauch)
Thu Aug 8 14:36:11 2013
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <EFBC2A9A-91D2-4F31-9565-2713B092034B@puck.nether.net>
Date: Thu, 8 Aug 2013 14:36:02 -0400
To: Saku Ytti <saku@ytti.fi>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
All,=20
Here's the correct list, apologies for the confusion.
http://openresolverproject.org/spoofers-20130804-byasn-count.txt
Top ASN excerpt:
Count ASN
----------------
46024 5617=20
43729 9394=20
28358 17964=20
27923 3269=20
24323 12874=20
22726 4847=20
22690 286 1136=20
21541 6079=20
20380 20825=20
11538 17430=20
10657 7497 17430=20
10544 4766=20
9883 7497=20
9061 3462=20
8875 38208=20
8553 7385=20
8295 4812=20
7297 11830=20
7204 7029=20
7137 3215=20
6655 6854=20
6618 4788=20
6424 17621=20
5794 53173=20
5069 8452=20
4944 9808=20
4930 6830=20
4877 38511=20
4648 4134=20
4135 2856=20
3982 9340=20
3678 6805=20
3605 38235=20
3398 17816=20
3364 9299=20
3297 9812=20
3238 15003=20
3221 9116=20
3025 4565=20
On Aug 8, 2013, at 1:51 PM, Jared Mauch <jared@puck.nether.net> wrote:
> Oops, I pulled the wrong data (off by one column) out before a trip =
and didn't realize it until now.
>=20
> This is not the spoofer list, but the list of ASNs with open =
resolvers.
>=20
> Let me reprocess it.
>=20
> Apologies, corrected data being generated.
>=20
> - Jared
>=20
> On Aug 8, 2013, at 1:29 PM, Jared Mauch <jared@puck.nether.net> wrote:
>=20
>> The following is a sorted list from worst to best of networks that =
allow spoofing: (cutoff here is 25k)
>>=20
>> (full list - =
http://openresolverproject.org/full-spoofer-asn-list-201307.txt )
>=20
