[LACNIC/Seguridad] Fwd: [Re: Spoofer project update -- need 3-5 minutes of your time to test]

Roque Gagliano roque en lacnic.net
Vie Abr 17 09:15:58 BRT 2009

Hash: SHA1


Me llegó el pedido de publicar en esta lista esta información sobre un  
test que se puede correr en cada red para estudiar la posibilidad o no  
de realizar spoofing de ips desde vuestra PC.

Hay una RFC (RFC2827) y el BCP 38 (rfc3704) que dan las indicaciones  
sobre cómo configurar los filtros anti-spoofing.

También hay un grupo de trabajo en el IETF llamado SAVI (Source  
Address Validation Improvements) que está trabajando en nuevas  
herramientas para luchar con el problema del spoofing de IPs.  
Particularmente en este grupo de trabajo el interés es colocar filtros  
anti-spoofing en una red ethernet, con filtros y protocolos entre los  
switches, usando material firmado.

La herramienta que han implementado en el MIT intenta enviar paquetes  
UDP con determinadas IP de origen spoofeadas (incluso RFC1918) a  
varios probes (84 en realidad) localizados alrededor del mundo. Luego  
hace unos traceroute y te muestra el resultado por ASN.

Corranlo, es divertido! Aquí está el link: http://spoofer.csail.mit.edu


Begin forwarded message:
> ----- Forwarded message from k claffy <kc en rommie.caida.org> -----
> Date: Sun, 5 Apr 2009 10:08:13 -0700
> From: k claffy <kc en rommie.caida.org>
> To: nanog en nanog.org
> Cc: Robert Beverly <rbeverly en rbeverly.net>, k claffy <kc en rommie.caida.org 
> >
> Subject: Re: Spoofer project update -- need 3-5 minutes of your time  
> to test
> < a call to fingers >
> please run this test if you haven't already.
> we're trying to get a 2009 baseline on filtering.
> i've blogged a reminder at:
> http://blog.caida.org/best_available_data/2009/04/05/spoofer-measure-your-networks-hygiene/
> and will post results there (and here) too, once we have some.
> if you run into any problems, email us.
> Internet science: can't do it without you, yada.
> k
> ps: if you want to host an Ark node so we can test
> topology near you in the future, read
> http://www.caida.org/projects/ark/siteinfo.xml
> and send us mail.
> On Tue, Mar 31, 2009 at 11:36:18AM -0400, Robert Beverly wrote:
>  Hi, as many of you are acutely aware, IP source spoofing is still a
>  common attack vector.  The ANA spoofer project:
>    http://spoofer.csail.mit.edu
>  first began quantifying the extent of source verification in 2005.
>  We've amassed several years worth of data -- data that has become
>  particularly interesting in light of recent attacks.  However, our
>  data raised as many questions as it answered.  Hence, we have
>  developed a new version of the tester designed to answer these
>  questions and improve our Internet-wide inferences.
>  What's New:
>    In addition to new tests, we've hooked into CAIDA's Ark
>    infrastructure which allows us to perform multiple
>    path-based measurements.  This information is presented to
>    the client now in visual form; see the screenshots for an
>    example report:
>       http://spoofer.csail.mit.edu/example/example.php
>  How you can help:
>    Simple -- take a few minutes to download and run the
>    tester.  The more points you can run the tester from, the
>    better.
>  Comments/Flames:
>    Welcome, and we appreciate all feedback.  Be sure to read
>    the FAQ:  http://spoofer.csail.mit.edu/faq.php
>  Many thanks,
>  rob
> ----- End forwarded message -----

Version: GnuPG v1.4.8 (Darwin)


Más información sobre la lista de distribución Seguridad