In analyzing the log, it's pretty clear that before I started filtering
these packets out, amprgw was being used to attack hosts all over the
Internet from a huge list of spoofed packet outer source addresses.

New firewall rules require that incoming proto-4 packets have to have an
outer source address of one of the registered gateways, and forwarding
rules require the inner source address to be on network 44 and on the
list of registered hosts. This should help some.

Given those rules, the following gateways have been attempting to
send encap packets with non-44 inner source addresses:

If people who operate these gateways could look into why they're doing
this, it would be appreciated.

- Brian

On Thu, Apr 20, 2017 at 05:50:41AM +0000, R P wrote:
Could you provide a list of all these gateways you see,
so that their maintainers will be aware and fix the problem?
I hope one of them is not mine ....
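
The two filtering rules described in the message above (outer source must be a registered gateway; inner source must be on network 44 and a registered host), sketched as an added example. This is not amprgw's actual ruleset or code; the gateway address, host address, and helper names are constructed for illustration.

```python
import ipaddress
import struct

AMPRNET = ipaddress.ip_network("44.0.0.0/8")
# Constructed sample data (documentation ranges), not real registrations.
REGISTERED_GATEWAYS = {ipaddress.ip_address("192.0.2.10")}
REGISTERED_HOSTS = {ipaddress.ip_address("44.128.0.5")}

def parse_ipv4(buf):
    """Return (protocol, source address, payload) or None if malformed."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(buf) < ihl:
        return None
    return buf[9], ipaddress.ip_address(buf[12:16]), buf[ihl:]

def check_encap(packet):
    """Apply both rules to one incoming packet; return (verdict, reason)."""
    outer = parse_ipv4(packet)
    if outer is None:
        return "drop", "malformed outer header"
    proto, outer_src, payload = outer
    if proto != 4:
        return "ignore", "not proto-4 (IPIP)"
    if outer_src not in REGISTERED_GATEWAYS:
        return "drop", "outer source is not a registered gateway"
    inner = parse_ipv4(payload)
    if inner is None:
        return "drop", "malformed inner header"
    inner_src = inner[1]
    if inner_src not in AMPRNET:
        return "drop", "inner source not on network 44"
    if inner_src not in REGISTERED_HOSTS:
        return "drop", "inner source not a registered host"
    return "forward", "ok"

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 header (checksum left zero) for the samples."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + payload

def sample(outer_src, inner_src):
    """Constructed IPIP packet: outer header wrapping an inner UDP header."""
    inner = ipv4(inner_src, "198.51.100.7", 17)
    return ipv4(outer_src, "203.0.113.1", 4, inner)
```

Logging the outer source for every "inner source not on network 44" verdict yields the kind of per-gateway list the message reports.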