Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#1112 closed task (fixed)

source IP address spoofing from AS56554 (IETF meeting network)

Reported by: mjl@… Owned by: jim@…
Priority: tbd Milestone: ietf-099
Component: network Keywords:
Cc: My Current Location:
My MAC Address: My OS:



While reviewing recent public tests from the CAIDA spoofer client

I came across one involving the IETF meeting network.  It seems that
based on the testing history for AS56554, there is inadequate filtering
of IPv6 packets with invalid source addresses, so packets with spoofed
source addresses can leave your network.  These systems can
participate in volumetric denial of service attacks.



Attachments (2)

signature.asc (204 bytes) - added by mjl@… 4 years ago.
Added by email2trac
signature-1.asc (163 bytes) - added by mjl@… 4 years ago.
Added by email2trac

Download all attachments as: .zip

Change history (8)

Changed 4 years ago by mjl@…

Attachment: signature.asc added

Added by email2trac

comment:1 Changed 4 years ago by llynch@…

Component: incomingnetwork
Owner: changed from < default > to jim@…
Status: newassigned
Type: requesttask

Jim -

I'll let you assign this one -

  • Lucy

comment:2 Changed 4 years ago by jim@…


Ironically, I think it's the spoofer client on my laptop that reported that. I kicked it off when we started the network build, and I saw v4 pass, and missed going back to check for v6. I'll have the routing team look into it, but we need to be very conservative in changes once the meetings start.

Thanks very much for pointing this out!

  • Jim

comment:3 Changed 4 years ago by jim@…

Resolution: fixed
Status: assignedclosed


Looks like the v6 BCP38 filter was disabled on one of our external routers during some debugging during setup. We've reenabled it and things look good. See

Thanks for the nudge! Closing this ticket, but a reply will reopen.

  • Jim

comment:4 in reply to:  5 Changed 4 years ago by mjl@…

Resolution: fixed
Status: closedreopened
Hi Jim,

Thanks for supporting the project by installing the spoofer client, much
appreciated.  I actually tried to report this last week before the IETF
meeting but the email bounced because the ticket system wasn't open.
Can the ticket system can open earlier next time?

Any chance you can be convinced to attend opsec on Wednesday and argue
for better SAV defaults?



Changed 4 years ago by mjl@…

Attachment: signature-1.asc added

Added by email2trac

comment:5 Changed 4 years ago by jim@…

Resolution: fixed
Status: reopenedclosed

I'll see if I can make it to OPSEC. Thanks for the encouragement!


  • Jim

comment:6 Changed 3 years ago by Rick Alfvin

Milestone: ietf-99ietf-099

Milestone renamed

Note: See TracTickets for help on using tickets.