[atlas] Spoofing measurenments
- Previous message (by thread): [atlas] Spoofing measurenments
- Next message (by thread): [atlas] Spoofing measurenments
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jen Linkova
furry13 at gmail.com
Wed Nov 18 13:18:07 CET 2015
On Wed, Nov 18, 2015 at 12:57 PM, Alexander Lyamin <melanor9 at gmail.com> wrote: > Do we have a statistics on what percentage of probes operate behind NAT? There is a tag "IPv4 RFC1918" so you can select all probes with that tag to get that number. > On Tue, Nov 17, 2015 at 7:03 PM, Pavel Odintsov <pavel.odintsov at gmail.com> > wrote: >> >> Hello! >> >> Thanks for answer! >> >> But actually we have huge issues with IPv4. Could we collect this >> stats with full anonymous approach for bitting ethical problem here? >> >> So we definitely need number of networks who ignore this rules. >> >> On Tue, Nov 17, 2015 at 8:00 PM, Jen Linkova <furry13 at gmail.com> wrote: >> > On Tue, Nov 17, 2015 at 5:50 PM, Pavel Odintsov >> > <pavel.odintsov at gmail.com> wrote: >> >> I'm writing from RIPE71 / Anti spoofing BoF. So I want to ask for some >> >> difficult ethical question. >> >> >> >> Could we detect probe hosts who do not deploy outgoing filtering and >> >> accept spoofed traffic? >> >> >> >> We need to know amount of they. It's really important for solving >> >> spoofing issue in Internet scale. >> > >> > It's been discussed before and some ethical concerns have been raised >> > by RIPE NCC. >> > >> > From pure technical point of view I think it might be possible some >> > data for Ipv6 (with some false negatives): >> > >> > - a probe could generate ULA prefix for itself and send traffic from >> > that ULA source to, let's say, some anchors (or some other pre-defined >> > target which is known for allowing packets from ULA sources). >> > Receiving such packet from a probe would prove tat there is no BCP38 >> > filtering on the path (however blocking packets proves only the fact >> > that ULAs are being blocked, not real spoofed packets). Or maybe a >> > probe might get a GUA IP address from RIPE prefix and use it as a >> > source.. >> > As bi-directional communication is not necessary, any source address >> > would work. >> > >> >> >> >> -- >> >> Sincerely yours, Pavel Odintsov >> >> >> > >> > >> > >> > -- >> > SY, Jen Linkova aka Furry >> >> >> >> -- >> Sincerely yours, Pavel Odintsov > > > > > -- > connecting the dots -- SY, Jen Linkova aka Furry
- Previous message (by thread): [atlas] Spoofing measurenments
- Next message (by thread): [atlas] Spoofing measurenments
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]