BCP38 tester?

Alain Hebert ahebert at pubnix.net
Mon Apr 1 13:34:31 UTC 2013


On 04/01/13 04:02, Karl Auer wrote:
> On Mon, 2013-04-01 at 01:31 -0500, Jimmy Hess wrote:
>> On 3/31/13, Karl Auer <kauer at biplane.com.au> wrote:
>>> OK - how does one configure NAT so that the source addresses of outbound
>>> packets are NOT clamped to a configured range on the outside of the NAT
>>> device? Given this general scenario, of course:
>> He said it depends on how NAT is configured
>> [...]
>> In some implementations, only certain ranges of source IP addresses
>> are subject to translation.
> Um - if no address translation takes place, then, by definition, NAT has
> not taken place.
>
> So it may well be that a particular device, capable of doing NAT and
> other things, of NATting some packets but not others, may permit
> spoofed-because-not-NATted outbound packets, but I remain unconvinced
> that a spoofed packet can make it through a NAT process and head
> outbound without getting its source address clamped to a configured
> range of outside addresses.
>
> Now I'm imagining a NAT process that translates only *destination*
> addresses - hm, is there such a beast?
>
> Continuing to seek enlightenment...
>
> Regards, K.
    While I was reading this... thinking that a NAT is a NAT is a NAT...
    ( I spent "some" time writing/porting NAT code in my youth )

    I'm sad to confirm that my spoof test was successful with a:

        . Sagemcom modem+router, which is used by a big TelCo around my
part, for both their residential and commercial ADSL2+, VDSL customers.

        . 4 well-known Tier-2(?) providers :( why I'm wasting time filling
up "paper" LoA if it's only going to be used for BGP.

    But on the other hand... it failed on a:

        . Cisco (*cough* Linksys) WRT54G loaded with DD-WRT v2.4-sp2
micro (2010/10/09);

        . SonicWall 2040 with 4.2.1.3;

        . Thomson SpeedTouch 516;

        ( I'm looking around for more CPE I could "use", for testing =D )

    PS: I'm not promoting the listed vendors, products.  It's only a quick
test with what I had on hand during breakfast.

-----
Alain Hebert                                ahebert at pubnix.net   
PubNIX Inc.        
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443
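
Added example, not part of the original message and not any vendor's code: a small Python model of the two NAT behaviours debated in the thread (translating only a configured inside range versus clamping every outbound source), with and without a BCP38-style egress check. All addresses are constructed documentation ranges and every function name is hypothetical.

```python
import ipaddress

# Constructed sample topology (RFC 1918 / RFC 5737 documentation ranges).
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")    # LAN behind the CPE
OUTSIDE_ADDR = ipaddress.ip_address("203.0.113.10")    # CPE WAN address
ASSIGNED_NET = ipaddress.ip_network("203.0.113.10/32")  # prefix the upstream assigned

# Constructed outbound sources: one real LAN host, one source outside the LAN range.
SAMPLES = ["192.168.1.20", "198.51.100.7"]


def nat_selective(src):
    """Translate only sources in the configured inside range; pass others untouched."""
    src = ipaddress.ip_address(src)
    return OUTSIDE_ADDR if src in INSIDE_NET else src


def nat_clamp_all(src):
    """Translate every outbound source to the outside address."""
    return OUTSIDE_ADDR


def egress_ok(src):
    """BCP38-style check on the WAN side: source must be in the assigned prefix."""
    return src in ASSIGNED_NET


def forward(src, nat, filtered):
    """Return the source address the upstream sees, or None if the packet is dropped."""
    out = nat(src)
    if filtered and not egress_ok(out):
        return None
    return out


def leaks(nat, filtered, samples=SAMPLES):
    """List the original sources that leave the device with an unassigned source address."""
    leaked = []
    for s in samples:
        out = forward(s, nat, filtered)
        if out is not None and out not in ASSIGNED_NET:
            leaked.append(s)
    return leaked


if __name__ == "__main__":
    print("selective NAT, no filter :", leaks(nat_selective, False))
    print("selective NAT, filtered  :", leaks(nat_selective, True))
    print("clamp-all NAT, no filter :", leaks(nat_clamp_all, False))
```

In this model only the selective-translation device without an egress check lets the out-of-range source through unchanged; the filter closes that gap regardless of how NAT is configured.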





