Re: Is malicious asymmetrical routing still a thing?

On Thu, Mar 9, 2023 at 5:12 PM William Herrin wrote: > It's trivial to turn a $5 VPS into a disposable VPN head-end that can > spray TCP SYN packets at a modest rate, and once the packet is on the > backbone somewhere in the world not only can't you do anything about > it, it's just on the near si

Re: Is malicious asymmetrical routing still a thing?

On Thu, Mar 9, 2023 at 4:05 PM Grant Taylor via NANOG wrote: > On 3/9/23 2:19 PM, Christopher Munz-Michielin wrote: > > Not this exact scenario, but what we see a lot of in my VPS company is > > people sending spam by using our VPS' source addresses, but routing > > outbound via some kind of tunne

Re: Is malicious asymmetrical routing still a thing?

On 3/9/23 2:19 PM, Christopher Munz-Michielin wrote: Not this exact scenario, but what we see a lot of in my VPS company is people sending spam by using our VPS' source addresses, but routing outbound via some kind of tunnel to a VPN provider or similar in order to bypass our port 25 blocks.

Re: Is malicious asymmetrical routing still a thing?

On 3/9/23 1:39 PM, William Herrin wrote: I would hope folks are implementing uRPF on commodity broadband connections. That's one place it works great. I would hope so too. I also would hope that uRPF was enabled by default on SOHO routers. And yet ... I'm routinely disappointed. CADIA has a

Re: Is malicious asymmetrical routing still a thing?

On Thu, 9 Mar 2023, William Herrin wrote: On Thu, Mar 9, 2023 at 12:27 PM Aaron1 wrote: Sounds like something uRPF would prevent Does anyone do uRPF ? lol I would hope folks are implementing uRPF on commodity broadband connections. That's one place it works great. My home wifi AP blocked

Re: Is malicious asymmetrical routing still a thing?

On Thu, Mar 9, 2023 at 4:19 PM Christopher Munz-Michielin wrote: > > Not this exact scenario, but what we see a lot of in my VPS company is > people sending spam by using our VPS' source addresses, but routing > outbound via some kind of tunnel to a VPN provider or similar in order > to bypass our

Re: Is malicious asymmetrical routing still a thing?

Not this exact scenario, but what we see a lot of in my VPS company is people sending spam by using our VPS' source addresses, but routing outbound via some kind of tunnel to a VPN provider or similar in order to bypass our port 25 blocks. We've had to start blocking source port 25 to catch th

Re: Is malicious asymmetrical routing still a thing?

On Thu, Mar 9, 2023 at 12:27 PM Aaron1 wrote: > Sounds like something uRPF would prevent > > Does anyone do uRPF ? lol I would hope folks are implementing uRPF on commodity broadband connections. That's one place it works great. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume

Re: Is malicious asymmetrical routing still a thing?

Sounds like something uRPF would prevent Does anyone do uRPF ? lol Aaron > On Mar 9, 2023, at 2:03 PM, John Levine wrote: > > Back in the olden days, a spammer would set up a server with a fast > broadband connection and a dialup connection, and send out lots of > spam over the broadband c

Is malicious asymmetrical routing still a thing?

Back in the olden days, a spammer would set up a server with a fast broadband connection and a dialup connection, and send out lots of spam over the broadband connection using the dialup's IP address. Since mail traffic is quite asymmetric, this got them most of the broadband speed, and when the d

My "N87 Moment" PC Shares Favorites + More

*What Was Your N87 Moment?* *PC Recalls Their Favorite NANOG 87 Moment* The NANOG Programming Committee shares personal stories that made our most recent meeting memorable. What was your NANOG 87 Moment? Please email us at n...@nanog.org. *READ NOW

NetElastic

Anyone here running NetElastic? If so, what are your opinions on it. vBNG and CGNAT. Thank you Travis