[168527] in North American Network Operators' Group
Re: BCP38.info
daemon@ATHENA.MIT.EDU (Andrei Robachevsky)
Wed Jan 29 05:11:37 2014
Date: Wed, 29 Jan 2014 11:11:00 +0100
From: Andrei Robachevsky <robachevsky@isoc.org>
To: Jared Mauch <jared@puck.nether.net>, <nick@flhsi.com>
In-Reply-To: <D4515961-E456-454D-8461-4D7044CC47A7@puck.nether.net>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Jared Mauch wrote on 1/28/14 10:11 PM:
> 192.168.0.1 has a rule that says send UDP/53 packets I process to 172.16.0.1. Since I'm "outside" its "NAT", the rule ends up taking the source IP, which isn't part of its "NAT" set, and ends up copying my "source" IP into the packet, then forwards it to the DNS server.
This is really broken. Do you have any idea as to why such a rule is
implemented? I also heard that some CPE implement exactly the same logic
if one spoofs the src IP inside their NAT. I think that the Spoofer project
discards tests from inside a NAT, but maybe they track such cases?
Andrei
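A small model of the rule described in the thread, added here as an illustration and not code from either poster or from the Spoofer project. It assumes the spoofed query originates on the LAN side of the CPE and that the inside prefix, the WAN address and the target resolver are constructed values; it contrasts the port-forward rule that copies the source address unchanged with a BCP38-style ingress check on the LAN interface.

```python
# Constructed model of a CPE/NAT with a UDP/53 port-forward rule.
# Addresses are example values, not taken from the thread.
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

LAN_PREFIX = ipaddress.ip_network("192.168.0.0/24")   # the NAT's "inside" set (assumed)
NAT_WAN_ADDR = "198.51.100.1"                          # CPE public address (constructed)
FORWARD_RULES = {("udp", 53): "172.16.0.1"}            # the UDP/53 -> 172.16.0.1 rule

def port_forward(pkt: Packet) -> Optional[Packet]:
    """The DNAT rule as described: rewrite only the destination and copy the
    original source address into the forwarded packet unchanged."""
    target = FORWARD_RULES.get((pkt.proto, pkt.dport))
    if pkt.dst != NAT_WAN_ADDR or target is None:
        return None
    return replace(pkt, dst=target)

def forward_broken(pkt: Packet, ingress_if: str) -> Optional[Packet]:
    """Behaviour from the thread: the rule fires for any packet addressed to
    the WAN address, regardless of ingress interface or source address, so a
    spoofed source from the LAN reaches the DNS server intact."""
    return port_forward(pkt)

def forward_filtered(pkt: Packet, ingress_if: str) -> Optional[Packet]:
    """BCP38-style ingress check on the LAN side: a packet arriving from the
    LAN whose source is outside the inside prefix is spoofed and is dropped
    before any forwarding rule is consulted."""
    if ingress_if == "lan" and ipaddress.ip_address(pkt.src) not in LAN_PREFIX:
        return None
    return port_forward(pkt)
```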