[atlas] "Spoofing" tests.
Warren Kumari warren at kumari.net
Mon Sep 9 20:03:17 CEST 2013
On Sep 9, 2013, at 3:33 AM, Andrei Robachevsky <robachevsky at isoc.org> wrote: > I think that would be one way to alleviate the concerns, yes. Also note > that we are talking about special category of users who have somewhat > more control over their network - not a typical BB user sitting behind a > NAT. > Yup. Although if some BB users behind NATs did check the box, I'm sure that they would still be useful for some tests, just not spoofing ones. Actually, that's still not true -- I came across a number of CPE devices that seem to use the following logic: 1: If the source IP is on my "internal" network perform the NAT function (rewrite, install session in NAT table, etc) 2: If the source IP is *not* on the "internal" network simply pass the packet unaltered. IIRC it was some d-link devices that that did this, I wonder how common it is… > Another important question IMO is how these data is going to be used. > Several people I talked to were supporting of the idea of instigating an > "anti-spoofing" movement among the ISPs, where in order to get (and > stay) on a public list of networks who care one needs to pass > anti-spoofing tests. Atlas and Spoofer would be instrumental in this effort. Yes -- the issue that I see with things like the Spoofer project is that they require someone to download and run a client app -- this limits the number and scope of test that they see and also creates selection bias. Yes, there is even more selection bias with Atlas probes, but Atlas seems to have a fairly wide spread these days. If even a fraction of users clicked the button… Trying to push BCP38 these days may be tilting at windmills, but can't hurt. I'm sure that a bunch of other uses could also be found for probes that are AUP free…. W > > Andrei > > Warren Kumari wrote on 9/7/13 7:24 PM: >> Apologies if this has already been discussed enlist -- I took a quick look though the archives and didn't see it. >> >> I believe that the reason for not allowing things like tests that send spoofed packets is that it might violate the AUP that participants have with their ISPs / be viewed by participants ISPs as an attack. >> >> So, what about having a checkbox in the Probe Settings that says something like: "I have no AUP with my ISP or I'm fine to violate my AUP. Run intrusive or dangerous tests on this probe" ? This would create a subset of probes that could be used for more interesting tests, an d would allow for greater visibility into things. >> >> W >> >> --- >> It is a mistake to think you can solve any major problem just with potatoes. --Douglas Adams >> >> > -- The above email is neither interesting or relevant, but at least it provided no new information.