Hi Vesna, IMO these options should be set by the "probe owner" (no all probes by default). What is the aim of these options? Probably are good to know if the ISP is allowing spoofing packets, but should we run them always? Cheers, kix On Wed, 15 May 2013, Vesna Manojlovic escribió:
Dear RIPE Atlas people,
please take a look at this proposal, and discuss on the mat-wg mailing list.
Thanks, Vesna
-------- Original Message -------- Subject: [mat-wg] [Fwd: Community suggestion for ATLAS spoof test] Date: Wed, 15 May 2013 22:37:28 +0100 From: Vesna Manojlovic <BECHA@ripe.net> To: Measurement Analysis and Tools Working Group <mat-wg@ripe.net>
Dear colleagues,
please take a look at the suggestion from Alexander Isavnin.
Since he is here in Dublin, we can talk about it during MAT-WG or, if there is not enough time, at the RIPE Atlas community BoF.
However, the opinion of the rest of the community counts too, so I ask you to comment on the mailing list, if you are interested.
Regards, Vesna
-------- Original Message -------- Subject: Community suggestion for ATLAS spoof test Date: Wed, 15 May 2013 21:16:30 +0200 From: Alexander Isavnin <isavnin@netline.ru> To: Vesna Manojlovic <BECHA@ripe.net>
Dear Vesna!
Could you forward this suggestion to mat-wg mailing list (and other appropriate lists).
Due to high requirements to mitigate spoofing there is need to detect one.
RIPE community have great distributed networking tool - ATLAS.
As first step i suggest to select address from RIPE NCC network and allow all probes (if probe is not behind NAT) to send spoofed packet with this address as source. As first and a half step - allow to send packets with source addresses of anchors (if anchor's host agrees) As second step - allow probe host to permit use his address as spoofed source.
Best regards, Alexander Isavnin
-- ||// //\\// Rodolfo "kix" Garcia ||\\// //\\ http://www.kix.es/