[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have)
- Subject: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have)
- From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
- Date: Thu, 08 Aug 2013 13:52:42 -0400
- In-reply-to: Your message of "Thu, 08 Aug 2013 12:46:10 -0500." <CAJvB4tnOgsHm+_03QkfW=Xw+w5gRfeN=qDTTa3DxST6EisH+Rg@mail.gmail.com>
- References: <CAJvB4t=MFhVNpmBwKdMrcc5ZCQkO1LSpNbsqtJu27WjQd=cpJA@mail.gmail.com> <CE1EA166.16075%[email protected]> <CAJvB4tngwy0rMwvnUSMkEYGPevE8wRBxZBGfKF8vjGA1JpEOHA@mail.gmail.com> <CA+2UFhksZz9Kb0LRO29STMzj-KZchD94ZxvqibMW=R8tAV_ufw@mail.gmail.com> <[email protected]> <CAJvB4tk2S=D+z_kn_6_tEpGiB2feYGbXTBhimtgZfZ5ikTB7yg@mail.gmail.com> <CAAAwwbWCSsp1a7U43NLU=fwMeGXrSUGZEm0ZVwSkiaEmRDKgXg@mail.gmail.com> <CA+2UFhntL-iKdGc7Ev9UbPB-y5QkO5eA=nxFfsmNMq50ZUkPqA@mail.gmail.com> <[email protected]> <[email protected]> <CAEmG1=o_E5K3n8MjmovCE7c2GsYELHX1fb_bsgKQZHFYt_E1oQ@mail.gmail.com> <CAJvB4tnOgsHm+_03QkfW=Xw+w5gRfeN=qDTTa3DxST6EisH+Rg@mail.gmail.com>
On Thu, 08 Aug 2013 12:46:10 -0500, Blake Dunlap said:
> I noticed that two of my ASNs are on that list for example with low
> numbers. I can't fathom how as at least one of them has uRPF implemented on
> any actual interfaces and no downstreams/peers.
Most likely, you have places where one host in a /24 or /28 can spoof
a packet claiming to be another host in the same subnet, and have the
spoofed packet escape into the outside world. There's really no way to
stop that unless you get *really* fascist with your edge-host facing
routers/switches.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 865 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20130808/4c32ccd1/attachment.bin>