11 Aug
2013
11 Aug
'13
8:45 a.m.
* Jared Mauch:
Number of unique IPs that spoofed a packet to me. (eg: I sent a packet to 1.2.3.4 and 5.6.7.8 responded).
That's not necessarily proof of spoofing, isn't it? The system in question might legitimately own IP addresses from very different networks. If the system is a router and the service you're pinging is not correctly implemented and it picks up the IP address of the outgoing interface instead of the source address of the request, that's totally expected. I'm not saying that BCP 38 is widely implement (it's not, unless operators have configured exceptions for ICMP traffic from private address, which I very much doubt). I just think you aren't actually measuring spoofing capabilities.