Actually, I misspoke earlier, but not quite. ;-)
Rob Beverly has an ongoing project which I have wholly endorsed,
but it has gotten relatively little attention:
http://spoofer.csail.mit.edu/
I would highly recommend that folks how choose to so, please
participate. :-)
- ferg
p.s. Statistics
The only data I have is from the MIT anti-spoofing test project which
has been pretty consistent for a long time. About 75%-80% of the nets,
addressses, ASNs tests couldn't spoof, and about 20%-25% could.
The geo-location maps don't show much difference between parts of
the world. RIPE
This would appear, on its face, to be an easy exercise in educating
the IPSs in the foodchain.
Is there reasonable enough interest with NANOG to do that? If so,
I volunteer to workshop at the next NANOG.
But only if there is reasonable consensus to that effect. Or someone
else could do it, too.
On Thu, 26 Oct 2006, Fergie wrote:
The point I'm trying to make is that if the community thinks it is
valuable, then the path is clear.
What is the biggest problem to solve? Would it be enough for ISPs to make
sure that they will not send out packets which didn't belong within their
PA
On Thu, 2006-10-26 at 02:20 -0400, Sean Donelan wrote:
http://spoofer.csail.mit.edu/summary.php
If someone finds the silver bullet that will change the remaining 25% or
so of networks, I think ISPs on every continent would be interested.
Financial incentive is the key. If there is none,
On Thu, 26 Oct 2006 02:20:48 -0400 (EDT), Sean Donelan [EMAIL PROTECTED]
wrote:
The only data I have is from the MIT anti-spoofing test project which
has been pretty consistent for a long time. About 75%-80% of the nets,
addressses, ASNs tests couldn't spoof, and about 20%-25% could.
On Oct 26, 2006, at 9:33 AM, Steven M. Bellovin wrote:
Put another way, anti-spoofing does three things: it makes reflector
attacks harder, it makes it easier to use ACLs to block sources,
and it
helps people track down the bot and notify the admin. Are people
actually
successfully doing
Put another way, anti-spoofing does three things: it makes reflector
attacks harder, it makes it easier to use ACLs to block sources, and it
helps people track down the bot and notify the admin. Are people actually
successfully doing either of the latter two?
I think it's a time constraint-
On Thu, 26 Oct 2006, Don wrote:
Has anyone put together a centralized system where you can send in a list of
attacking bots, let it automatically sort by allocation, and then let it
notify the appropriate admin with a list of [potentially] compromised hosts?
mynetwatchman [1] comes to mind
- Original Message -
From: william(at)elan.net [EMAIL PROTECTED]
To: Don [EMAIL PROTECTED]
Cc: nanog@merit.edu
Sent: Thursday, October 26, 2006 8:17 AM
Subject: Re: BCP38 thread 93,871,738,435 (was Re: register.com down sev0?)
On Thu, 26 Oct 2006, Don wrote:
Has anyone put
On Thu, 26 Oct 2006, Mikael Abrahamsson wrote:
On Thu, 26 Oct 2006, Fergie wrote:
The point I'm trying to make is that if the community thinks it is
valuable, then the path is clear.
I of course realise that it's best if user cannot spoof at all, but it
might be easier for ISPs to
On Thu, 26 Oct 2006, Fergie wrote:
I don't want to detract from the heat of this discussion, as
important as it is, but it (the discussion) illustrates a point
that RIPE has recognized -- and is actively perusing -- yet, ISPs
on this continent seem consistently to ignore: The consistent
No.
I think that is indicative of the problem.
Don't you?
- ferg
-- Sean Donelan [EMAIL PROTECTED] wrote:
On Thu, 26 Oct 2006, Fergie wrote:
I don't want to detract from the heat of this discussion, as
important as it is, but it (the discussion) illustrates a point
that RIPE has
13 matches
Mail list logo
