[164929] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not

daemon@ATHENA.MIT.EDU (Christopher Morrow)
Sun Aug 11 12:03:05 2013

In-Reply-To: <8738qg2q37.fsf@mid.deneb.enyo.de>
Date: Sun, 11 Aug 2013 12:02:52 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Sun, Aug 11, 2013 at 11:40 AM, Florian Weimer <fw@deneb.enyo.de> wrote:

> Apparently, they're implementing DNS proxy by destination-NATting, and
> because they listen also on the WAN interface, they get the source
> address wrong.
>
> This is quite scary.

which part? the fact that most NAT implementations on CPE are crap? or
the spoofing bit?


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[164929] in North American Network Operators' Group

Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not

daemon@ATHENA.MIT.EDU (Christopher Morrow)Sun Aug 11 12:03:05 2013

daemon@ATHENA.MIT.EDU (Christopher Morrow)
Sun Aug 11 12:03:05 2013