[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BCP38.info

Subject: BCP38.info
From: jared at puck.nether.net (Jared Mauch)
Date: Tue, 28 Jan 2014 08:06:31 -0500
In-reply-to: <[email protected]>
References: <[email protected]>

On Jan 26, 2014, at 12:47 PM, Jay Ashworth <jra at baylink.com> wrote:

> something like 6 years ago, and couldn't get any traction on it then; 
> I'm not sure I think much has changed -- apparently, extracting your
> BP thoughts from mailing list postings and putting them into a wiki is
> more effort than most NANOGers are up to.

I do have a list of the top ASNs that can be shown to allow IP spoofing by looking at
the DNS scans part of the OpenResolverProject:

  52731 ASN7922
  31251 ASN9394
  25241 ASN17964
  15951 ASN4847
   7576 ASN17430
   5800 ASN17430
   4110 ASN7497
   3645 ASN9812
   3492 ASN6854

http://openresolverproject.org/spoof-src-dst-asns-20140126.txt

What the data is:

It includes IP address where you send a DNS packet to it and another IP address responds to the query, e.g.:

[jared at hostname ~/spoof]$ dig @101.0.37.11
;; reply from unexpected source: 182.19.83.65#53, expected 101.0.37.11#53

The data only includes those where the ?source-ASN? and ?dest-asn? of these packets don?t match.

- Jared

Follow-Ups:
- BCP38.info
  - From: tglassey at earthlink.net (TGLASSEY)
- BCP38.info
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)

References:
- BCP38.info
  - From: jra at baylink.com (Jay Ashworth)

Prev by Date: Terremark Miami
Next by Date: Fwd: [afnog] Introducing Southern Africa Network Operators Group - SAFNOG
Previous by thread: BCP38.info
Next by thread: BCP38.info
Index(es):
- Date
- Thread