Comment by Fabricio20

1 day ago

IP spoofing is pretty uncommon nowadays because everyone has anti-spoofing mechanisms in place and most ASNs often don't forward spoofed addresses outbound.

But as the sibling mentioned, even with spoofing, you can still follow the packet trail from your border routers upstream. I think the main thing we are lacking is just responsibility on the ISP side: if someone reaches out complaining that half of your customers are sending DDoS attacks, maybe you need to do something about it. Most of these huge attacks are compromised routers or IoT devices (remember Mirai Botnet?).

This is clearly not true, or the CAIDA anti-spoofer project wouldn't exist.

https://spoofer.caida.org/summary.php

  • Just because SOME ASNs don't have it in place doesn't mean it's not uncommon. In the link provided, 80% of all tracked network blocks for IPv4 are blocking spoofing. Though they only track 1000 IPv4 /24 blocks and their data is highly biased towards having spoofable ranges, considering their end goal is identifying spoofable networks!