Home page logo
/

nanog logo nanog mailing list archives

Re: BCP38 tester?
From: Alain Hebert <ahebert () pubnix net>
Date: Mon, 01 Apr 2013 11:04:51 -0400

On 04/01/13 10:09, Valdis.Kletnieks () vt edu wrote:
On Mon, 01 Apr 2013 09:34:31 -0400, Alain Hebert said:

    I'm sad to confirm that my spoof test was successful with a:

        . SageMCom modem+router, which is used by a big TelCo around my
part, for both their residential and commercial ADSL2+, VDSL customers.
You might want to check more carefully exactly what the failure mode
was.  I'm willing to bet that the router has been configured to assign
addresses inside a specific RFC 1918 /24, and will do Something Terrible
to spoofed packets in that range, but will figure you know what you're
doing and pass them if you source a packet from outside that /24.

    My test script is very very very basic... but passes.

    And as per spoofer.csail, which is way more comprehensive in its
testing.

CPE tested with spoofer this morning.

    For the SageMCom 2864 with FAST2864_v6740S firmware:

        Received (at MIT AS3):

            1.2.3.4 | x.x.x.x | The IANA unalloced source was
successfully received.
            6.1.2.3 | x,x,x,x | The spoofed packets were successfully
received. There is no ingress or egress source filtering on your network
for this IP address.

        Your host can spoof 16777215 neighboring addresses (within your
/8 prefix)

    For the SpeedTouch 516:

        Received (at MIT AS3):

            1.2.3.4 | x.x.x.x | Source address rewrite. The source
address of the probe packets we received differs from the original
address. It appears that a Network Address Translation (NAT) device is
rewriting your packet headers.
            6.1.2.3 | x.x.x.x | <same>
            172.16.1.100 | x.x.x.x | <same>
 
        Your host can spoof 0 neighboring addresses (within your /32 prefix)

        ^ the /32 is a bit confusing.

    PS: This was just a few empirical tests and is in no way, shape, or
form, a judgement about the quality of the devices tested.

-----
Alain Hebert                                ahebert () pubnix net   
PubNIX Inc.        
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault