> On Sep 23, 2016, at 5:24 PM, Hugo Slabbert <h...@slabnet.com> wrote: > > Please tell me why I can't spoof source IPs on a stateless protocol like GRE. > If he specifically meant you can't spoof a source, hit a reflector, and gain > amplification, sure, but I see zero reason why GRE can't have spoofed source > IPs. It bothered me sufficiently that I wrote up some spit-balling ideas > about reflecting GRE using double encapsulation[2]. Very rough and untested, > but apparently I got a bee in my bonnet...
my guess is the GRE traffic was harder to filter because many providers use GRE to deliver ‘clean’ traffic back to origin sites. - Jared