Wish i were there.. There’s some cool ways to detect this externally that I know some researchers are working on documenting. I think their results will be at NDSS or PAM (i forget which). - Jared
On Nov 17, 2015, at 12:03 PM, Pavel Odintsov <pavel.odintsov@gmail.com> wrote:
Hello!
Thanks for answer!
But actually we have huge issues with IPv4. Could we collect this stats with full anonymous approach for bitting ethical problem here?
So we definitely need number of networks who ignore this rules.
On Tue, Nov 17, 2015 at 8:00 PM, Jen Linkova <furry13@gmail.com> wrote:
On Tue, Nov 17, 2015 at 5:50 PM, Pavel Odintsov <pavel.odintsov@gmail.com> wrote:
I'm writing from RIPE71 / Anti spoofing BoF. So I want to ask for some difficult ethical question.
Could we detect probe hosts who do not deploy outgoing filtering and accept spoofed traffic?
We need to know amount of they. It's really important for solving spoofing issue in Internet scale.
It's been discussed before and some ethical concerns have been raised by RIPE NCC.
From pure technical point of view I think it might be possible some data for Ipv6 (with some false negatives):
- a probe could generate ULA prefix for itself and send traffic from that ULA source to, let's say, some anchors (or some other pre-defined target which is known for allowing packets from ULA sources). Receiving such packet from a probe would prove tat there is no BCP38 filtering on the path (however blocking packets proves only the fact that ULAs are being blocked, not real spoofed packets). Or maybe a probe might get a GUA IP address from RIPE prefix and use it as a source.. As bi-directional communication is not necessary, any source address would work.
-- Sincerely yours, Pavel Odintsov
-- SY, Jen Linkova aka Furry
-- Sincerely yours, Pavel Odintsov