I have a Comcast business class connection, and the only addresses the program could spoof were the local addresses in my subnet. It looks like Comcast is filtering things nicely at my first router hop upstream.
-- steve <http://pirk.com> On Thu, Mar 28, 2013 at 9:49 PM, Jerry <sec-acct...@oryx.cc> wrote: > FYI, spoofer compiles without issue (or even warnings) on Solaris. > > Will forward run results results off line. > > > > > On 03/28/13 08:03 PM, Paul Ferguson wrote: > >> Hi, funsec people. :-) >> >> This kind of goes hand-in-hand with a much larger community project, >> but I'd like to encourage you to participate in the Spoofer Project, >> and share the results: >> >> http://spoofer.csail.mit.edu/ >> >> Please take a moment to download the software (it is safe, I promise!) >> -- there are software packages available for Mac OSX, Windows, and >> Linux. The source code is also available if you care to inspect it. >> >> I am simply curious to see if any of your home ISPs allow spoofed >> packets to originate from within their downstream customer networks. >> >> As some of you may (or may not) know, I co-authored BCP38 [1], which >> was published in May 2000, and yet there are an astounding number of >> ISP networks on the planet that still allow traffic with spoofed >> source addresses to originate from within their networks. This is the >> primary culprit in generated DNS Amplification Attacks, an issue which >> several of us are currently engaged in, and will be talking about for >> the months (and years?) to come in our community outreach. >> >> So if you have a few free moment, please take a few moments when you >> are at home and let me know the results. >> >> Thanks, >> >> - ferg >> >> >> [1] https://tools.ietf.org/html/**bcp38<https://tools.ietf.org/html/bcp38> >> >> ______________________________**_________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/**mailman/listinfo/funsec<https://linuxbox.org/cgi-bin/mailman/listinfo/funsec> > Note: funsec is a public and open mailing list. >
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
