nanog mailing list archives
Re: Is malicious asymmetrical routing still a thing?
From: William Herrin <bill () herrin us>
Date: Thu, 9 Mar 2023 17:12:40 -0800
On Thu, Mar 9, 2023 at 4:05 PM Grant Taylor via NANOG <nanog () nanog org> wrote:
On 3/9/23 2:19 PM, Christopher Munz-Michielin wrote:Not this exact scenario, but what we see a lot of in my VPS company is people sending spam by using our VPS' source addresses, but routing outbound via some kind of tunnel to a VPN provider or similar in order to bypass our port 25 blocks.I'd be curious what VPN providers they are using so that I could start blocking them. That seems like another player in the criminal support ecosystem.
If I had to put money on it, it's not VPN providers but other VPS providers. VPN providers don't have enough business that anyone cares about to avoid getting killed over BCP38 non-compliance. It's trivial to turn a $5 VPS into a disposable VPN head-end that can spray TCP SYN packets at a modest rate, and once the packet is on the backbone somewhere in the world not only can't you do anything about it, it's just on the near side of impossible to figure out where it originally entered. Unless you want to start handing out BGP AS death penalties to entire "tier 1's" who don't instrument their reciprocal peering connections well enough for third parties to trace the source of spoofed packets. Which is 100% of everyone right now. That sort of instrumentation would be darn expensive. Regards, Bill Herrin -- For hire. https://bill.herrin.us/resume/
Current thread:
- Is malicious asymmetrical routing still a thing? John Levine (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Aaron1 (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? William Herrin (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Jon Lewis (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Grant Taylor via NANOG (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Mark Tinka (Mar 12)
- Re: Is malicious asymmetrical routing still a thing? William Herrin (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Christopher Munz-Michielin (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Christopher Morrow (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Grant Taylor via NANOG (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? William Herrin (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? William Herrin (Mar 09)
- Re: Is malicious asymmetrical routing still a thing? Aaron1 (Mar 09)