[atlas] Spoofing the source IP address from a probe?
Colin Johnston colinj at mx5.org.uk
Wed Jun 12 18:24:31 CEST 2013
> > No they cannot. It is a matter of policy first and foremost. It is too easy to loose the trust of the probe hosts and to get a bad name with providers if we have the probes do stuff that is as questionable as source address spoofing. > > Personally I am very much against probes spoofing source addresses. In my personal judgement the risk of loosing a significant number of probes is not at all justified by the potential benefit of doing spoofing measurements. > > As RIPE NCC chief scientist I am of the opinion that if the community decides to do such tests despite the risk to RIPE Atlas, then we can only do this with explicit permission from the host concerned. > > Daniel This is the wrong approach above to take from a ISP sysadmin perspective. What should be done is Router(CBAC correct packet source address checking), ideally on the sysadmin leaf routers if such routers are implemented or on the core routers. You only want good traffic getting to service machines to make network traffic usage worthwhile. A good network provider will implement source address checking as they value the network usage. Customer end devices are a good point to check for packet source checking as botnet machines frequently utiliize home machines, feel free for my probe to be used as anything which can improve good network traffic usage in the age of cutbacks of money is useful. Colin Johnston