Home page logo

nanog logo nanog mailing list archives

Re: Spoofing ASNs (Re: SNMP DDoS: the vulnerability you might not know you have)
From: Valdis.Kletnieks () vt edu
Date: Thu, 08 Aug 2013 13:52:42 -0400

On Thu, 08 Aug 2013 12:46:10 -0500, Blake Dunlap said:
I noticed that two of my ASNs are on that list for example with low
numbers. I can't fathom how as at least one of them has uRPF implemented on
any actual interfaces and no downstreams/peers.

Most likely, you have places where one host in a /24 or /28 can spoof
a packet claiming to be another host in the same subnet, and have the
spoofed packet escape into the outside world.  There's really no way to
stop that unless you get *really* fascist with your edge-host facing

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]