Is malicious asymmetrical routing still a thing?

William Herrin bill at
Fri Mar 10 01:34:25 UTC 2023

On Thu, Mar 9, 2023 at 5:12 PM William Herrin <bill at> wrote:
> It's trivial to turn a $5 VPS into a disposable VPN head-end that can
> spray TCP SYN packets at a modest rate, and once the packet is on the
> backbone somewhere in the world not only can't you do anything about
> it, it's just on the near side of impossible to figure out where it
> originally entered.

Come to think of it, there are probably botnets for rent where the
"owner" has verified non-compliance with BCP38 and will arrange for X
number of fresh machines spread across everywhere to VPN into your
server and pass packets for you. Why not bring in a little extra cash
while waiting for the next DDOS target? Particularly when the packets
emitted are unlikely to be traceable to the bot.

Bill Herrin

For hire.

More information about the NANOG mailing list