Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have)

Jared Mauch jared at puck.nether.net
Thu Aug 8 18:36:02 UTC 2013


All, 

Here's the correct list, apologies for the confusion.

http://openresolverproject.org/spoofers-20130804-byasn-count.txt

Top ASN excerpt:

  Count ASN
----------------
  46024 5617 
  43729 9394 
  28358 17964 
  27923 3269 
  24323 12874 
  22726 4847 
  22690 286 1136 
  21541 6079 
  20380 20825 
  11538 17430 
  10657 7497 17430 
  10544 4766 
   9883 7497 
   9061 3462 
   8875 38208 
   8553 7385 
   8295 4812 
   7297 11830 
   7204 7029 
   7137 3215 
   6655 6854 
   6618 4788 
   6424 17621 
   5794 53173 
   5069 8452 
   4944 9808 
   4930 6830 
   4877 38511 
   4648 4134 
   4135 2856 
   3982 9340 
   3678 6805 
   3605 38235 
   3398 17816 
   3364 9299 
   3297 9812 
   3238 15003 
   3221 9116 
   3025 4565 




On Aug 8, 2013, at 1:51 PM, Jared Mauch <jared at puck.nether.net> wrote:

> Oops, I pulled the wrong data (off by one column) out before a trip and didn't realize it until now.
> 
> This is not the spoofer list, but the list of ASNs with open resolvers.
> 
> Let me reprocess it.
> 
> Apologies, corrected data being generated.
> 
> - Jared
> 
> On Aug 8, 2013, at 1:29 PM, Jared Mauch <jared at puck.nether.net> wrote:
> 
>> The following is a sorted list from worst to best of networks that allow spoofing: (cutoff here is 25k)
>> 
>> (full list - http://openresolverproject.org/full-spoofer-asn-list-201307.txt )
> 




More information about the NANOG mailing list