Dobbins, Roland rdobbins at arbor.net
Mon Feb 3 07:22:19 UTC 2014

On Jan 29, 2014, at 3:03 AM, Jared Mauch <jared at puck.nether.net> wrote:

> Sure, but this means that network is allowing the spoofing :)
> What I did last night was automated comparing the source ASN to the dest ASN mapped to and reported both the IP + ASN on a single line for those that were interested.

This is pretty slick, relying upon broken CPE NAT implementations.  It's the only way I've heard of to remotely infer whether or not a given network allows spoofing.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

More information about the NANOG mailing list