Alex Saroyan wrote on 7/18/13 8:53 AM:
Hi,
I think some hosts would like theirs probes to be used for "source IP spoofing" check, and only such probes could be used for this particular type of check. If RIPE Atlas team implement such features then probably many hosts will "enable" "Source IP spoofing check ability" on theirs probes and that can serve for community at the end.
I support this point of view. I think controlled (anti-)spoofing measurements performed by the RIPE NCC with the consent of participating probes would be a good service to the community. I understand that a certain percentage of probes is sitting behind NAT where spoofing won't work in most cases, but there is hopefully a significant number of probes that are connected directly. Regarding the problem itself we are tackling here, we published a follow up to the panel we held at RIPE66: http://www.internetsociety.org/doc/anti-spoofing-continuing-dialogue. Hope this helps raising awareness of the issue further.
Of course overall mechanism should be in a way not make anyone to suspect that probe can do spoofing by default or probe can do any harmful thing.
Agree, Andrei
Alex Saroyan
On 06/12/2013 10:37 PM, Daniel Karrenberg wrote:
On 12.06.2013, at 17:44 , Joe Provo <jzp-ripe@rsuc.gweep.net> wrote:
I would encourage those in the community who wish to be performing individual spoof testing (or instruct others how to do so) to use the easy-peasey pointy-clicky CAIDA/CSAIL tool: http://spoofer.cmand.org/ (also spoofer.csail.mit.edu, spooftest.net, etc etc) Seconded. Using this something like this is a conscious decision of the user. I have personally run Robert Beverley's probes regularly for many years and I am proud to say that both my broadband providers have never allowed source address spoofing. This involves a conscious decision on my part taking into account local network etiquette, my relation to my providers and the local legal situation. It is very very different from the RIPE community deciding to use RIPE Atlas to do this from my network.
Daniel