Wish i were there.. There’s some cool ways to detect this externally that I know some researchers are working on documenting. I think their results will be at NDSS or PAM (i forget which).
- Jared > On Nov 17, 2015, at 12:03 PM, Pavel Odintsov <pavel.odint...@gmail.com> wrote: > > Hello! > > Thanks for answer! > > But actually we have huge issues with IPv4. Could we collect this > stats with full anonymous approach for bitting ethical problem here? > > So we definitely need number of networks who ignore this rules. > > On Tue, Nov 17, 2015 at 8:00 PM, Jen Linkova <furr...@gmail.com> wrote: >> On Tue, Nov 17, 2015 at 5:50 PM, Pavel Odintsov >> <pavel.odint...@gmail.com> wrote: >>> I'm writing from RIPE71 / Anti spoofing BoF. So I want to ask for some >>> difficult ethical question. >>> >>> Could we detect probe hosts who do not deploy outgoing filtering and >>> accept spoofed traffic? >>> >>> We need to know amount of they. It's really important for solving >>> spoofing issue in Internet scale. >> >> It's been discussed before and some ethical concerns have been raised >> by RIPE NCC. >> >> From pure technical point of view I think it might be possible some >> data for Ipv6 (with some false negatives): >> >> - a probe could generate ULA prefix for itself and send traffic from >> that ULA source to, let's say, some anchors (or some other pre-defined >> target which is known for allowing packets from ULA sources). >> Receiving such packet from a probe would prove tat there is no BCP38 >> filtering on the path (however blocking packets proves only the fact >> that ULAs are being blocked, not real spoofed packets). Or maybe a >> probe might get a GUA IP address from RIPE prefix and use it as a >> source.. >> As bi-directional communication is not necessary, any source address would >> work. >> >>> >>> -- >>> Sincerely yours, Pavel Odintsov >>> >> >> >> >> -- >> SY, Jen Linkova aka Furry > > > > -- > Sincerely yours, Pavel Odintsov