On Thu, May 18, 2017 at 11:22:13AM +0300, marius@yo2loj.ro wrote:
> I still don't see how this is working, unless all routers on the way implement connection tracking (which is certainly not the case).
> So, they send out a spoofed package using a 44 address as origin and then what? The reply will never get back to them. Instead it will be routed to the proper real 44 endpoint, either directly for BGP-ed subnets, or via 44.0.0.1, to no end result.

One-way traffic appears to be used in DDoS attacks, where unanswered traffic is not a hindrance - huge pings, TCP-opens, massive DNS queries, router congestion, all of which use up resources on the victim computers even though there is no expectation of a response.
Modern operating systems are much less vulnerable to such attacks, but they still can affect a large number of the systems on the internet.

- Brian