[90350] in North American Network Operators' Group

RIPE IP Anti-Spoofing Task Force (Was: private ip addresses from

daemon@ATHENA.MIT.EDU (Jeroen Massar)
Wed May 17 10:41:26 2006

From: Jeroen Massar <jeroen@unfix.org>
To: Ivan Groenewald <ivang@xtrahost.co.uk>
Cc: 'adrian kok' <adriankok2000@yahoo.com.hk>, nanog@nanog.org
In-Reply-To: <001801c679bc$2f7e3290$cc01a8c0@edinburgh.xtrahost.co.uk>
Date: Wed, 17 May 2006 16:40:43 +0200
Errors-To: owner-nanog@merit.edu



On Wed, 2006-05-17 at 15:14 +0100, Ivan Groenewald wrote:
[..]
> If you mean you are getting traffic destined for RFC1918 space, then make
> sure you aren't announcing those networks to your upstreams by accident.
> Poor upstream configs/filters could allow stuff like that to escape to peers
> of the upstream. (stranger things have happened)
[..]

On a related note, RIPE has started an "IP Anti-Spoofing Task Force",
see http://www.ripe.net/ripe/tf/anti-spoofing/ for more information.

Greets,
 Jeroen


--

RIPE "IP Anti-Spoofing" Task Force
==================================

IP source address spoofing is the practice of originating IP datagrams
with source addresses other than those assigned to the host of origin.
In simple words the host pretends to be some other host.

This can be exploited in various ways, most notably to execute DoS
amplification attacks which cause an amplifier host to send traffic to
the spoofed address.

There are many recommendations to prevent IP spoofing by ingress
filtering, e.g. checking source addresses of IP datagrams close to the
network edge.

At RIPE-52 in Istanbul RIPE has established a task force that promotes
deployment of ingress filtering at the network edge by raising awareness
and providing indirect incentives for deployment.

Document ripe-379 provides the task force charter and the initial
time-line.


The mailing list archive is at
http://www.ripe.net/ripe/maillists/archives/spoofing-tf/2006/index.html

The task force web page is at
http://www.ripe.net/ripe/tf/anti-spoofing/


The task force is co-chaired by Nina Hjorth Bargisen (NINA1-RIPE)
and Daniel Karrenberg (DK58).

