[atlas] Spoofing the source IP address from a probe?
Daniel Karrenberg daniel.karrenberg at ripe.net
Wed Jun 12 17:30:21 CEST 2013
On 12.06.2013, at 16:53 , Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote: > I read in the interesting > <http://www.internetsociety.org/blog/2013/06/can-we-stop-ip-spoofing-internet> > about BCP38 (anti-spoofing): > >> Another possibility that was suggested is using RIPE Atlas probes to >> probe network capabilities (or shall we say incapabilities?). > > AFAIK, Atlas probes cannot currently perform these tests, am I > correct? No they cannot. It is a matter of policy first and foremost. It is too easy to loose the trust of the probe hosts and to get a bad name with providers if we have the probes do stuff that is as questionable as source address spoofing. Personally I am very much against probes spoofing source addresses. In my personal judgement the risk of loosing a significant number of probes is not at all justified by the potential benefit of doing spoofing measurements. As RIPE NCC chief scientist I am of the opinion that if the community decides to do such tests despite the risk to RIPE Atlas, then we can only do this with explicit permission from the host concerned. Daniel