[168504] in North American Network Operators' Group
Re: BCP38.info
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Jan 28 08:06:49 2014
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <5569484.5623.1390758449655.JavaMail.root@benjamin.baylink.com>
Date: Tue, 28 Jan 2014 08:06:31 -0500
To: Jay Ashworth <jra@baylink.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 26, 2014, at 12:47 PM, Jay Ashworth <jra@baylink.com> wrote:
> something like 6 years ago, and couldn't get any traction on it then;=20=
> I'm not sure I think much has changed -- apparently, extracting your
> BP thoughts from mailing list postings and putting them into a wiki is
> more effort than most NANOGers are up to.
I do have a list of the top ASNs that can be shown to allow IP spoofing =
by looking at
the DNS scans part of the OpenResolverProject:
52731 ASN7922
31251 ASN9394
25241 ASN17964
15951 ASN4847
7576 ASN17430
5800 ASN17430
4110 ASN7497
3645 ASN9812
3492 ASN6854
http://openresolverproject.org/spoof-src-dst-asns-20140126.txt
What the data is:
It includes IP address where you send a DNS packet to it and another IP =
address responds to the query, e.g.:
[jared@hostname ~/spoof]$ dig @101.0.37.11
;; reply from unexpected source: 182.19.83.65#53, expected =
101.0.37.11#53
The data only includes those where the =93source-ASN=94 and =93dest-asn=94=
of these packets don=92t match.
- Jared
