[atlas] Spoofing the source IP address from a probe?
Joe Provo jzp-ripe at rsuc.gweep.net
Wed Jun 12 17:44:20 CEST 2013
On Wed, Jun 12, 2013 at 05:35:54PM +0200, Randy Bush wrote: > > No they cannot. It is a matter of policy first and foremost. It is too > > easy to loose the trust of the probe hosts and to get a bad name with > > providers if we have the probes do stuff that is as questionable as > > source address spoofing. > > <aol> > > thank you To be fair, it was discussed at ripe66 and there was an open question as to wether malformed traffic testing of any type would be of value (even on an opt-in basis). Arguably, address forgery is a subtype of malformed traffic. I would encourage those in the community who wish to be performing individual spoof testing (or instruct others how to do so) to use the easy-peasey pointy-clicky CAIDA/CSAIL tool: http://spoofer.cmand.org/ (also spoofer.csail.mit.edu, spooftest.net, etc etc) -- RSUC / GweepNet / Spunk / FnB / Usenix / SAGE / NANOG