Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have)

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Aug 8 17:52:42 UTC 2013


On Thu, 08 Aug 2013 12:46:10 -0500, Blake Dunlap said:
> I noticed that two of my ASNs are on that list for example with low
> numbers. I can't fathom how as at least one of them has uRPF implemented on
> any actual interfaces and no downstreams/peers.

Most likely, you have places where one host in a /24 or /28 can spoof
a packet claiming to be another host in the same subnet, and have the
spoofed packet escape into the outside world.  There's really no way to
stop that unless you get *really* fascist with your edge-host facing
routers/switches.
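
Added example, not part of the original post: a small model of why strict uRPF on a router interface accepts a source address spoofed from inside the connected subnet, and how a per-access-port address binding would catch it. The binding table is an assumption, one form of the strict edge filtering the reply alludes to; the prefixes, interface names and packets are constructed.

```python
import ipaddress

# Constructed topology using documentation prefixes; names are hypothetical.
ROUTES = {  # prefix -> router interface the route points out of
    ipaddress.ip_network("192.0.2.0/24"): "ge-0/0/1",     # edge-host LAN
    ipaddress.ip_network("198.51.100.0/24"): "ge-0/0/2",  # second LAN
    ipaddress.ip_network("0.0.0.0/0"): "uplink",
}

# Hypothetical per-access-port bindings (one address allowed per switch port).
PORT_BINDINGS = {
    "sw1/1": ipaddress.ip_address("192.0.2.10"),
    "sw1/2": ipaddress.ip_address("192.0.2.20"),
}


def urpf_strict_accepts(src, ingress_if):
    """Strict uRPF: the longest-prefix route back to src must use ingress_if."""
    addr = ipaddress.ip_address(src)
    best = max((n for n in ROUTES if addr in n), key=lambda n: n.prefixlen)
    return ROUTES[best] == ingress_if


def port_binding_accepts(src, access_port):
    """Per-port filter: src must be the single address bound to that port."""
    return PORT_BINDINGS.get(access_port) == ipaddress.ip_address(src)


def classify(src, access_port, ingress_if):
    """Say which layer, if any, drops a packet sent from access_port."""
    if not port_binding_accepts(src, access_port):
        return "dropped at access port"
    if not urpf_strict_accepts(src, ingress_if):
        return "dropped by uRPF"
    return "forwarded"


# Constructed packets: (claimed source, access port, router ingress interface)
SAMPLES = [
    ("192.0.2.10", "sw1/1", "ge-0/0/1"),   # host using its own address
    ("192.0.2.20", "sw1/1", "ge-0/0/1"),   # neighbour's address, same /24
    ("203.0.113.5", "sw1/1", "ge-0/0/1"),  # address from outside the subnet
]

if __name__ == "__main__":
    for src, port, ifc in SAMPLES:
        print(f"{src:<12} uRPF alone: {urpf_strict_accepts(src, ifc)!s:<5} "
              f"with port binding: {classify(src, port, ifc)}")
```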