[Cerowrt-devel] BCP38 and interesting IP spoofing attack
Matt Taggart
matt at lackof.org
Tue Oct 29 18:31:16 EDT 2024
Hi CeroWRT!
Sending here because this isn't a bloat thing, but I thought would be
interesting to those that enjoyed CeroWRT:
One weird trick to get the whole planet to send abuse complaints
to your best friend(s)
https://delroth.net/posts/spoofed-mass-scan-abuse/
A blog post that details an interesting attack that involves the
attacker injecting spoofed packets in order to damage the reputation of
target IPs with their ISPs by making it appear they are doing ssh port
scanning. Links with more technical details are in the post too.
The discussion on HN is interesting as well:
https://news.ycombinator.com/item?id=41982698
I was reminded of CeroWRT because (IIRC) the bcp38/luci-app-bcp38
openwrt packages were part of the default image and ever since then I
have installed them on every openwrt router I have configured (not that
it makes a difference for the networks I am configuring, but it should
be the DEFAULT!).
This linked APNIC blog post is interesting too:
https://blog.apnic.net/2023/05/03/why-is-source-address-validation-still-a-problem/
--
Matt Taggart
matt at lackof.org
More information about the Cerowrt-devel
mailing list