11 Aug
2013
11 Aug
'13
12:14 p.m.
* Christopher Morrow:
On Sun, Aug 11, 2013 at 11:40 AM, Florian Weimer <fw@deneb.enyo.de> wrote:
Apparently, they're implementing DNS proxy by destination-NATting, and because they listen also on the WAN interface, they get the source address wrong.
This is quite scary.
which part? the fact that most NAT implementations on CPE are crap? or the spoofing bit?
The spoofing bit. Among other things, it makes the impact of CPE crappiness non-localized.