[23845] in North American Network Operators' Group
Re: address spoofing
daemon@ATHENA.MIT.EDU (Simon Leinen)
Tue Apr 27 11:09:27 1999
To: Randy Bush <randy@psg.com>
Cc: nanog@merit.edu
From: Simon Leinen <simon@limmat.switch.ch>
In-Reply-To: Randy Bush's message of "Thu, 22 Apr 1999 18:33:24 -0700 (PDT)"
Date: 27 Apr 1999 17:07:52 +0200
Errors-To: owner-nanog-outgoing@merit.edu
>>>>> "rb" == Randy Bush <randy@psg.com> writes:
> [...]
> but the uglier symptoms are packets from my own address space
> deny ip 147.28.0.0 0.0.255.255 any (6 matches)
One of our customers has 129.129.0.0/16, and we sure receive a lot of
leaked packets with source and destination addresses in that range
from our upstream. (One of these days I'll try to get those traced :-)
147.28.0.0 doesn't seem like a likely "random" prefix though. Maybe
an ex-customer/employee of yours didn't clean up their configuration
when they left?
--
Simon. http://www.switch.ch/misc/leinen/
