* Christopher Morrow: > On Sun, Aug 11, 2013 at 11:40 AM, Florian Weimer <f...@deneb.enyo.de> wrote: > >> Apparently, they're implementing DNS proxy by destination-NATting, and >> because they listen also on the WAN interface, they get the source >> address wrong. >> >> This is quite scary. > > which part? the fact that most NAT implementations on CPE are crap? or > the spoofing bit?
The spoofing bit. Among other things, it makes the impact of CPE crappiness non-localized.