This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[atlas] All-Probe Traceroute + detect RFC1918 addresses
- Previous message (by thread): [atlas] All-Probe Traceroute + detect RFC1918 addresses
- Next message (by thread): [atlas] All-Probe Traceroute + detect RFC1918 addresses
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Max Grobecker
max.grobecker at ml.grobecker.info
Thu Sep 16 16:28:19 CEST 2021
Hi Jeroen, > We got CAIDAs spoofer project, but that primarily afaik checks that by doing connections, not by checking ICMP returns. > > I just saw towards 213.244.71.2 : > [...] > Which means the whole path till that IP was not doing any kind of RPF.... thus spoofing anything else would be possible too. Maybe I have a wrong imagination on how this spoofing testing is done, but... If you spoof the source address you simply can't get any return. Your traceroute proves, that your packet leaves the network, but it's not proof for, that BCP38 was not implemented. Because IF your packets were forwarded with spoofed source, you won't got any response, not even from the first hop. Obviously, because your false source IP would get the ICMP returns, not your probe. So, IMHO, it's more likely to me your traceroute is proof for a NAT and not for spoofing. Greetings, Max
- Previous message (by thread): [atlas] All-Probe Traceroute + detect RFC1918 addresses
- Next message (by thread): [atlas] All-Probe Traceroute + detect RFC1918 addresses
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]