* [Cerowrt-devel] BCP38 and interesting IP spoofing attack
@ 2024-10-29 22:31 Matt Taggart
0 siblings, 0 replies; only message in thread
From: Matt Taggart @ 2024-10-29 22:31 UTC (permalink / raw)
To: cerowrt-devel
Hi CeroWRT!
Sending here because this isn't a bloat thing, but I thought would be
interesting to those that enjoyed CeroWRT:
One weird trick to get the whole planet to send abuse complaints
to your best friend(s)
https://delroth.net/posts/spoofed-mass-scan-abuse/
A blog post that details an interesting attack that involves the
attacker injecting spoofed packets in order to damage the reputation of
target IPs with their ISPs by making it appear they are doing ssh port
scanning. Links with more technical details are in the post too.
The discussion on HN is interesting as well:
https://news.ycombinator.com/item?id=41982698
I was reminded of CeroWRT because (IIRC) the bcp38/luci-app-bcp38
openwrt packages were part of the default image and ever since then I
have installed them on every openwrt router I have configured (not that
it makes a difference for the networks I am configuring, but it should
be the DEFAULT!).
This linked APNIC blog post is interesting too:
https://blog.apnic.net/2023/05/03/why-is-source-address-validation-still-a-problem/
--
Matt Taggart
matt@lackof.org
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-10-29 22:31 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-29 22:31 [Cerowrt-devel] BCP38 and interesting IP spoofing attack Matt Taggart
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox