Hi, The CAIDA Spoofer project has been collecting and publicly sharing data on the deployment of source address validation since March 2016. We've built up a reasonably large install-base of the open-source client, and receive tests from 400-500 unique IPs per day. We're posting reports with links to test outcomes on the spoofer website. In particular, we've got summary statistics for each AS at: https://spoofer.caida.org/as_stats.php If you know an operator for anyone on that list who has at least one spoofable prefix, please feel free to reach out to them and let them know. I've been sending emails to abuse contacts for nearly a year now. Roughly 1/5 ASes I've contacted have fixed at least one problem. The remediation we know about (automatically generated) is at: https://spoofer.caida.org/remedy.php In order to improve the notification emails, I'm also soliciting configuration snippets from operators who have deployed source address validation. If you have deployed SAV and wouldn't mind sharing redacted configuration (privately is fine) including any necessary platform details (such as vendor and operating system) we would greatly appreciate it. We will aggregate and post configuration snippets at https://spoofer.caida.org/ Matthew
Is it me or NANOG's AS allowing spoofing? https://spoofer.caida.org/as.php?asn=19230 On 17-08-03 09:19 PM, Matthew Luckie wrote:
Hi,
The CAIDA Spoofer project has been collecting and publicly sharing data on the deployment of source address validation since March 2016. We've built up a reasonably large install-base of the open-source client, and receive tests from 400-500 unique IPs per day. We're posting reports with links to test outcomes on the spoofer website. In particular, we've got summary statistics for each AS at:
https://spoofer.caida.org/as_stats.php
If you know an operator for anyone on that list who has at least one spoofable prefix, please feel free to reach out to them and let them know. I've been sending emails to abuse contacts for nearly a year now. Roughly 1/5 ASes I've contacted have fixed at least one problem. The remediation we know about (automatically generated) is at:
https://spoofer.caida.org/remedy.php
In order to improve the notification emails, I'm also soliciting configuration snippets from operators who have deployed source address validation. If you have deployed SAV and wouldn't mind sharing redacted configuration (privately is fine) including any necessary platform details (such as vendor and operating system) we would greatly appreciate it. We will aggregate and post configuration snippets at https://spoofer.caida.org/
Matthew
participants (2)
-
Jean | ddostest.me
-
Matthew Luckie