Re: [swinog] [Fwd: [Full-disclosure] DNS Smurf revisited]
On Fri, May 27, 2005 at 09:31:32PM +0200, Simon Leinen wrote:
> I can spoof packets from my home broadband connection (and probably
> the 299'999 other broadband customers of that Swiss ISP can do so as
> well :-). Hopefully other Swiss ISPs do this better.

sunrise freesurf used to allow this also, didn't try for some time.
(it even let source address be in the private address space)

___
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] [Fwd: [Full-disclosure] DNS Smurf revisited]
On Mon, May 30, 2005 at 09:55:39AM +0200, Marc SCHAEFER wrote:
> On Fri, May 27, 2005 at 09:31:32PM +0200, Simon Leinen wrote:
> > I can spoof packets from my home broadband connection (and probably
> > the 299'999 other broadband customers of that Swiss ISP can do so as
> > well :-). Hopefully other Swiss ISPs do this better.
>
> sunrise freesurf used to allow this also, didn't try for some time.
> (it even let source address be in the private address space)

amazing to still see this in 2005!

is there a valuable argument from these ISPs or is it ignorance / badly designed networks??

on the leaf interfaces of the ISP routing topology:

(cisco) ip verify unicast reverse-path
(linux) echo 1 > /proc/sys/net/ipv4/conf/ethN/rp_filter

there is still this good paper from cisco, it's a bit dated but that probably means no real valuable features were added in IOS since 2001:
http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip

bye.

--
Philippe Strauss
av. de Beaulieu 25
1004 Lausanne
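An added example, not part of the original message or of any poster's configuration: a shell check that reports, per interface, whether the Linux `rp_filter` setting named above is actually in effect. It relies on the kernel using the larger of `conf/all/rp_filter` and the interface's own value; the function names and the optional directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Audit reverse-path filtering on a Linux router.
# Per interface the kernel applies max(conf/all/rp_filter, conf/<if>/rp_filter):
#   0 = no source validation, 1 = strict, 2 = loose.
# The optional conf_root argument is an addition of this example so the
# check can be pointed at a copy of the tree; it defaults to the live path.

rp_effective() {  # usage: rp_effective <conf_root> <ifname>
    all=$(cat "$1/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$1/$2/rp_filter" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

rp_audit() {  # usage: rp_audit [conf_root]
    root=${1:-/proc/sys/net/ipv4/conf}
    bad=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        ifname=$(basename "$dir")
        # "all" and "default" are templates, "lo" is not a leaf interface.
        case "$ifname" in all|default|lo) continue ;; esac
        mode=$(rp_effective "$root" "$ifname")
        case "$mode" in
            1) echo "$ifname strict" ;;
            2) echo "$ifname loose" ;;   # only checks that a route to the source exists
            *) echo "$ifname OFF"; bad=$((bad + 1)) ;;
        esac
    done
    # Exit status 0 only if no interface is left without source validation.
    [ "$bad" -eq 0 ]
}
```

Source the file and call `rp_audit`; a non-zero status means at least one interface still accepts packets with arbitrary source addresses.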
[swinog] Route leak from AS13237
Hi,

due to a misconfiguration by one of our customers we have tripped the max prefix filter of many peers. There are still some sessions that are not up after our route leak on Sunday morning.

If you see your AS in the list below, please clear the session with 194.42.48.79. We are currently announcing 731 prefixes.

We apologise for any inconvenience caused.

Peer           AS     InPkt   OutPkt  OutQ  Flaps  Last Up/Dwn  State|#Active/Received/Damped...
194.42.48.2    8271   97060   100429  0     4      1d 14:17:47  Active
194.42.48.3    6730   470489  352094  0     5      1d 14:19:39  Active
194.42.48.15   9044   98142   100019  0     5      1d 14:19:47  Active
194.42.48.16   13030  95906   98303   0     9      1d 14:19:46  Active
194.42.48.18   1836   341332  350986  0     7      1d 14:19:47  Active
194.42.48.32   15623  336740  349472  0     4      1d 14:19:46  Active
194.42.48.39   6772   114764  118627  0     5      1d 14:19:46  Active
194.42.48.51   12350  97218   100669  0     16     1d 14:17:47  Active
194.42.48.63   21494  213250  221656  0     9      1d 14:20:49  Active
194.42.48.74   8928   362223  350841  0     5      1d 14:17:47  Active

Thanks,
Dirk

Dirk Geisler
TAC_IP (AS13237)
LambdaNet Communications Deutschland AG
Günther-Wagner Allee 13
D-30177 Hannover (Germany)
Phone: +49 511 / 84881485
Mobil: +49 173 / 6291485
Telefax: +49 511 / 84881409
mailto:[EMAIL PROTECTED]
http://www.lambdanet.de
Re: [swinog] [Fwd: [Full-disclosure] DNS Smurf revisited]
On Mon, May 30, 2005 at 05:59:35PM +0200, Jean-Pierre Schwickerath wrote:
> > is there a valuable argument from these ISPs or is it ignorance / badly designed networks??
>
> Once someone told me they couldn't do it because it would add too much delay to the packet and that their hardware would have to throttle the throughput if they wanted to do that on gigabit links.

performance problems on an operation which is basically a routing lookup 4 bytes aside the usual place? funky.

> But then someone has to explain to me how other people manage to do full NIDS inspection on gigabit links.

absolutely.

--
Philippe Strauss
av. de Beaulieu 25
1004 Lausanne
http://philou.ch/