Spoofer Report for NANOG for Jun 2022
In response to feedback from operational security communities, CAIDA's source address validation measurement project (https://spoofer.caida.org) is automatically generating monthly reports of ASes originating prefixes in BGP for systems from which we received packets with a spoofed source address. We are publishing these reports to network and security operations lists in order to ensure this information reaches operational contacts in these ASes. This report summarises tests conducted within usa, can. Inferred improvements during Jun 2022: ASN Name Fixed-By 22898 ATLINK 2022-06-02 208563 LINUXGEMINI 2022-06-15 33696 NEXTARRAY-ASN-01 2022-06-23 Further information for the inferred remediation is available at: https://spoofer.caida.org/remedy.php Source Address Validation issues inferred during Jun 2022: ASN Name First-Spoofed Last-Spoofed 5650 FRONTIER-FRTR 2016-02-22 2022-06-30 54825 PACKET 2016-04-15 2022-06-23 19230 NANOG 2016-06-13 2022-06-07 7029 WINDSTREAM 2016-06-21 2022-06-30 40285 NORTHLAND-CABLE 2016-07-17 2022-06-28 209 CENTURYLINK-US-LEGACY-QWEST 2016-08-16 2022-06-17 6128 CABLE-NET-1 2016-09-03 2022-06-02 27364 ACS-INTERNET 2016-09-27 2022-06-18 20412 CLARITY-TELECOM 2016-09-30 2022-06-30 271 BCNET 2016-10-24 2022-06-30 22898 ATLINK 2016-12-16 2022-06-28 1246 TLL-WEST 2017-04-20 2022-06-29 63296 AWBROADBAND 2017-09-01 2022-06-29 33452 RW 2018-09-19 2022-06-21 8047 GCI 2019-04-11 2022-06-13 21804 ACCESS-SK 2019-06-09 2022-06-18 53703 KWIKOM 2021-01-17 2022-06-30 398836 NP-NETWORKS 2021-03-12 2022-06-18 56207 Converge 2021-03-26 2022-06-06 212934 AS_POTVIN 2021-10-03 2022-06-28 394437 PSLIGHTWAVE 2021-12-02 2022-06-19 12119 ITV-3 2022-06-07 2022-06-14 59 WISC-MADISON 2022-06-14 2022-06-14 32645 PIVOT 2022-06-16 2022-06-16 397086 LAYER-HOST-HOUSTON 2022-06-16 2022-06-23 399486 2022-06-18 2022-06-18 Further information for these tests where we received spoofed packets is available at: https://spoofer.caida.org/recent_tests.php?country_include=usa,can&no_block=1 Please send any feedback or suggestions to spoofer-info@caida.org
"> 19230 NANOG 2016-06-13 2022-06-07" Wait...what? :) scott On 7/8/2022 7:00 AM, CAIDA Spoofer Project wrote:
In response to feedback from operational security communities, CAIDA's source address validation measurement project (https://spoofer.caida.org) is automatically generating monthly reports of ASes originating prefixes in BGP for systems from which we received packets with a spoofed source address. We are publishing these reports to network and security operations lists in order to ensure this information reaches operational contacts in these ASes.
This report summarises tests conducted within usa, can.
Inferred improvements during Jun 2022: ASN Name Fixed-By 22898 ATLINK 2022-06-02 208563 LINUXGEMINI 2022-06-15 33696 NEXTARRAY-ASN-01 2022-06-23
Further information for the inferred remediation is available at: https://spoofer.caida.org/remedy.php
Source Address Validation issues inferred during Jun 2022: ASN Name First-Spoofed Last-Spoofed 5650 FRONTIER-FRTR 2016-02-22 2022-06-30 54825 PACKET 2016-04-15 2022-06-23 19230 NANOG 2016-06-13 2022-06-07 7029 WINDSTREAM 2016-06-21 2022-06-30 40285 NORTHLAND-CABLE 2016-07-17 2022-06-28 209 CENTURYLINK-US-LEGACY-QWEST 2016-08-16 2022-06-17 6128 CABLE-NET-1 2016-09-03 2022-06-02 27364 ACS-INTERNET 2016-09-27 2022-06-18 20412 CLARITY-TELECOM 2016-09-30 2022-06-30 271 BCNET 2016-10-24 2022-06-30 22898 ATLINK 2016-12-16 2022-06-28 1246 TLL-WEST 2017-04-20 2022-06-29 63296 AWBROADBAND 2017-09-01 2022-06-29 33452 RW 2018-09-19 2022-06-21 8047 GCI 2019-04-11 2022-06-13 21804 ACCESS-SK 2019-06-09 2022-06-18 53703 KWIKOM 2021-01-17 2022-06-30 398836 NP-NETWORKS 2021-03-12 2022-06-18 56207 Converge 2021-03-26 2022-06-06 212934 AS_POTVIN 2021-10-03 2022-06-28 394437 PSLIGHTWAVE 2021-12-02 2022-06-19 12119 ITV-3 2022-06-07 2022-06-14 59 WISC-MADISON 2022-06-14 2022-06-14 32645 PIVOT 2022-06-16 2022-06-16 397086 LAYER-HOST-HOUSTON 2022-06-16 2022-06-23 399486 2022-06-18 2022-06-18
Further information for these tests where we received spoofed packets is available at: https://spoofer.caida.org/recent_tests.php?country_include=usa,can&no_block=1
Please send any feedback or suggestions to spoofer-info@caida.org
I just realized that many automatically put emails with the subject line of "Spoofer Report for NANOG" in the trash, so I changed it. Is that for real or a spoof itself? If it's real I know a buncha guys that will help. ;) scott On 7/8/2022 10:35 AM, scott wrote:
"> 19230 NANOG 2016-06-13 2022-06-07"
Wait...what? :)
scott
On 7/8/2022 7:00 AM, CAIDA Spoofer Project wrote:
In response to feedback from operational security communities, CAIDA's source address validation measurement project (https://spoofer.caida.org) is automatically generating monthly reports of ASes originating prefixes in BGP for systems from which we received packets with a spoofed source address. We are publishing these reports to network and security operations lists in order to ensure this information reaches operational contacts in these ASes.
This report summarises tests conducted within usa, can.
Inferred improvements during Jun 2022: ASN Name Fixed-By 22898 ATLINK 2022-06-02 208563 LINUXGEMINI 2022-06-15 33696 NEXTARRAY-ASN-01 2022-06-23
Further information for the inferred remediation is available at: https://spoofer.caida.org/remedy.php
Source Address Validation issues inferred during Jun 2022: ASN Name First-Spoofed Last-Spoofed 5650 FRONTIER-FRTR 2016-02-22 2022-06-30 54825 PACKET 2016-04-15 2022-06-23 19230 NANOG 2016-06-13 2022-06-07 7029 WINDSTREAM 2016-06-21 2022-06-30 40285 NORTHLAND-CABLE 2016-07-17 2022-06-28 209 CENTURYLINK-US-LEGACY-QWEST 2016-08-16 2022-06-17 6128 CABLE-NET-1 2016-09-03 2022-06-02 27364 ACS-INTERNET 2016-09-27 2022-06-18 20412 CLARITY-TELECOM 2016-09-30 2022-06-30 271 BCNET 2016-10-24 2022-06-30 22898 ATLINK 2016-12-16 2022-06-28 1246 TLL-WEST 2017-04-20 2022-06-29 63296 AWBROADBAND 2017-09-01 2022-06-29 33452 RW 2018-09-19 2022-06-21 8047 GCI 2019-04-11 2022-06-13 21804 ACCESS-SK 2019-06-09 2022-06-18 53703 KWIKOM 2021-01-17 2022-06-30 398836 NP-NETWORKS 2021-03-12 2022-06-18 56207 Converge 2021-03-26 2022-06-06 212934 AS_POTVIN 2021-10-03 2022-06-28 394437 PSLIGHTWAVE 2021-12-02 2022-06-19 12119 ITV-3 2022-06-07 2022-06-14 59 WISC-MADISON 2022-06-14 2022-06-14 32645 PIVOT 2022-06-16 2022-06-16 397086 LAYER-HOST-HOUSTON 2022-06-16 2022-06-23 399486 2022-06-18 2022-06-18
Further information for these tests where we received spoofed packets is available at: https://spoofer.caida.org/recent_tests.php?country_include=usa,can&no_block=1
Please send any feedback or suggestions to spoofer-info@caida.org
I just realized that many automatically put emails with the subject line of "Spoofer Report for NANOG" in the trash, so I changed it.
Is that for real or a spoof itself? If it's real I know a buncha guys that will help. ;)
This is real: https://spoofer.caida.org/recent_tests.php?as_include=19230 These are correlated with conference network deployments at each NANOG event. Some NANOG conference networks have SAV deployed (more so before 2017), but my understanding is that networking equipment does not come with SAV enabled by default, so it is easy to overlook. Matthew
On 7/10/2022 11:18 AM, Matthew Luckie wrote:
I just realized that many automatically put emails with the subject line of "Spoofer Report for NANOG" in the trash, so I changed it.
Is that for real or a spoof itself? If it's real I know a buncha guys that will help. ;)
This is real:
https://spoofer.caida.org/recent_tests.php?as_include=19230
These are correlated with conference network deployments at each NANOG event. Some NANOG conference networks have SAV deployed (more so before 2017), but my understanding is that networking equipment does not come with SAV enabled by default, so it is easy to overlook.
Ah, OK. I didn't think of conferences. DOH! I have never been to one. Thanks! scott
I can confirm that the hardware that NANOG does use can't filter it all automatically I think for v6 as I helped them look at it. Sent via RFC1925 compliant device
On Jul 10, 2022, at 5:22 PM, Matthew Luckie <mjl@luckie.org.nz> wrote:
I just realized that many automatically put emails with the subject line of "Spoofer Report for NANOG" in the trash, so I changed it.
Is that for real or a spoof itself? If it's real I know a buncha guys that will help. ;)
This is real:
https://spoofer.caida.org/recent_tests.php?as_include=19230
These are correlated with conference network deployments at each NANOG event. Some NANOG conference networks have SAV deployed (more so before 2017), but my understanding is that networking equipment does not come with SAV enabled by default, so it is easy to overlook.
Matthew
participants (4)
-
CAIDA Spoofer Project
-
Jared Mauch
-
Matthew Luckie
-
scott