Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have)

• Previous message (by thread): SNMP DDoS: the vulnerability you might not know you have
• Next message (by thread): Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Aug 1, 2013, at 2:31 AM, Saku Ytti <saku at ytti.fi> wrote:

> On (2013-07-31 17:07 -0700), bottiger wrote:
> 
>> But realistically those 2 problems are not going to be solved any time
>> in the next decade. I have tested 7 large hosting networks only one of
>> them had BCP38.
> 
> I wonder if it's truly that unrealistic. If we target access networks, it
> seems impractical target.
> 
> We have about 40k origin only ASNs and about 7k ASNs which offer transit,
> who could arguably trivially ACL those 40k peers.
> 
> If we truly tried, as a community to make deploying these ACLs easy and
> actively reach out those 7k ASNs and offer help, would it be unrealistic to
> have ACL deployed to sufficiently large portion of networks to make
> spoofing impractical/expensive?

The following is a sorted list from worst to best of networks that allow spoofing: (cutoff here is 25k)

(full list - http://openresolverproject.org/full-spoofer-asn-list-201307.txt )

Count   ASN#
------------
1323950 3462 
1300938 4134 
1270046 8151 
1213972 9737 
 851124 22927 
 706434 45899 
 532546 3816 
 497303 1267 
 487965 17974 
 486882 4837 
 433170 9829 
 425991 18403 
 422356 19429 
 406870 24560 
 378440 4766 
 357974 6697 
 341044 6147 
 332602 18881 
 251074 7303 
 238461 9318 
 221201 4812 
 217794 7418 
 213049 17552 
 181995 7552 
 159078 13489 
 153877 9299 
 142740 7738 
 138730 209 
 120860 8452 
 118506 46606 
 117700 14420 
 107600 17813 
 101967 36947 
  98708 6400 
  93526 36351 
  92471 4788 
  89976 9198 
  88570 11556 
  81665 9050 
  81624 27695 
  80837 13354 
  80415 701 
  79032 6332 
  78164 4808 
  77937 55430 
  75800 2554 
  65618 9394 
  63992 4713 
  60380 9808 
  59274 6057 
  55177 8400 
  53862 9269 
  53266 13285 
  51620 9329 
  50822 22833 
  50320 16276 
  49847 23752 
  48998 4780 
  48278 31549 
  47195 8167 
  46484 10299 
  46270 21844 
  43439 26599 
  43211 32475 
  43048 36444 
  41688 27668 
  35448 24863 
  34160 27866 
  33068 26496 
  32166 14754 
  31656 2379 
  31450 32613 
  30641 27699 
  29225 45951 
  28804 6389 
  27836 56040 
  27406 5617 
  26758 39501 
  26454 24940 
  26175 13999 
  25736 7018 
  25482 131090 
  25478 1221 

• Previous message (by thread): SNMP DDoS: the vulnerability you might not know you have
• Next message (by thread): Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]