Ingress filtering on transits, peers, and IX ports

Casey Deccio casey at deccio.net
Mon Oct 19 22:45:25 UTC 2020


> On Oct 14, 2020, at 3:34 PM, Eric Kuhnke <eric.kuhnke at gmail.com> wrote:
> 
> I think he means packet captures from an example, voluntarily-tested recursive nameserver subject to this attack.


Thanks.  We have updated all the report pages with a self-test tool specific to the network associated with the report.  This should allow a network admin that received our report to check whether or not the condition still exists and to perform a packet capture from whatever vantage point they want in their network.

A more general tool (i.e., for anyone to use) will be made available in the future.

Cheers,
Casey

> 
> 
> On Wed, Oct 14, 2020 at 11:53 AM Casey Deccio <casey at deccio.net <mailto:casey at deccio.net>> wrote:
> Hi Bryan,
> 
> > On Oct 14, 2020, at 12:43 PM, Bryan Holloway <bryan at shout.net <mailto:bryan at shout.net>> wrote:
> > 
> > I too would like to know more about their methodology
> 
> We've written up our methodology and results in a paper that will be available in a few weeks.  Happy to post it here if folks are interested.  Obviously, no networks are individually identified; it's all aggregate.
> 
> Also, we're working on a self-test tool, but it's not quite ready yet.  Sorry.
> 
> > and actual tangibles ideally in the form of PCAPs.
> 
> What do you mean by "tangibles in the form of PCAPs"?
> 
> Casey

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20201019/24c38ae8/attachment.html>


More information about the NANOG mailing list