On Tue, Nov 17, 2015 at 5:50 PM, Pavel Odintsov <pavel.odintsov@gmail.com> wrote:
I'm writing from RIPE71 / Anti spoofing BoF. So I want to ask for some difficult ethical question.
Could we detect probe hosts who do not deploy outgoing filtering and accept spoofed traffic?
We need to know amount of they. It's really important for solving spoofing issue in Internet scale.
It's been discussed before and some ethical concerns have been raised by RIPE NCC.
From pure technical point of view I think it might be possible some data for Ipv6 (with some false negatives):
- a probe could generate ULA prefix for itself and send traffic from that ULA source to, let's say, some anchors (or some other pre-defined target which is known for allowing packets from ULA sources). Receiving such packet from a probe would prove tat there is no BCP38 filtering on the path (however blocking packets proves only the fact that ULAs are being blocked, not real spoofed packets). Or maybe a probe might get a GUA IP address from RIPE prefix and use it as a source.. As bi-directional communication is not necessary, any source address would work.
-- Sincerely yours, Pavel Odintsov
-- SY, Jen Linkova aka Furry