[copying mat-wg, since it is about measureents] Lorenzo Colitti wrote on 9/18/13 6:42 AM:

On Sun, Sep 15, 2013 at 11:57 AM, Randy Bush <randy@psg.com <mailto:randy@psg.com>> wrote:

then again, if you think most of the botnets are behind broadband home networks, it makes an interesting sample. compare spoof density of natted vs un-natted. but then, how you gonna spoof from behind a nat?

Just send the packet?

I expect a nontrivial proportion of NATs will just say "Source address not in 192.168.1.0/24 <http://192.168.1.0/24>? Cool, don't have to NAT! Just pass it along." :-)

If only we had data ;). It would be interesting, indeed, to see how feasible spoofing is in a natted environment, broadband access networks in particular. It seems that this is the case where spoofing may cause serious problems to the provider itself, as opposed to someone else in the Internet. So, one could assume that even if there are NATs that allow this stupid thing, there maybe DOCSIS SAV and other safeguards in the BB provider provisioning system. Andrei