On Wed, Nov 18, 2015 at 12:57 PM, Alexander Lyamin <melanor9@gmail.com> wrote:
Do we have a statistics on what percentage of probes operate behind NAT?
There is a tag "IPv4 RFC1918" so you can select all probes with that tag to get that number.
On Tue, Nov 17, 2015 at 7:03 PM, Pavel Odintsov <pavel.odintsov@gmail.com> wrote:
Hello!
Thanks for answer!
But actually we have huge issues with IPv4. Could we collect this stats with full anonymous approach for bitting ethical problem here?
So we definitely need number of networks who ignore this rules.
On Tue, Nov 17, 2015 at 8:00 PM, Jen Linkova <furry13@gmail.com> wrote:
On Tue, Nov 17, 2015 at 5:50 PM, Pavel Odintsov <pavel.odintsov@gmail.com> wrote:
I'm writing from RIPE71 / Anti spoofing BoF. So I want to ask for some difficult ethical question.
Could we detect probe hosts who do not deploy outgoing filtering and accept spoofed traffic?
We need to know amount of they. It's really important for solving spoofing issue in Internet scale.
It's been discussed before and some ethical concerns have been raised by RIPE NCC.
From pure technical point of view I think it might be possible some data for Ipv6 (with some false negatives):
- a probe could generate ULA prefix for itself and send traffic from that ULA source to, let's say, some anchors (or some other pre-defined target which is known for allowing packets from ULA sources). Receiving such packet from a probe would prove tat there is no BCP38 filtering on the path (however blocking packets proves only the fact that ULAs are being blocked, not real spoofed packets). Or maybe a probe might get a GUA IP address from RIPE prefix and use it as a source.. As bi-directional communication is not necessary, any source address would work.
-- Sincerely yours, Pavel Odintsov
-- SY, Jen Linkova aka Furry
-- Sincerely yours, Pavel Odintsov
-- connecting the dots
-- SY, Jen Linkova aka Furry