18 May
2017
18 May
'17
4:06 a.m.
I suspected at some point that there is a network
using 44 addresses
internally, had some leaks on them and that the garbage (DNS replies,
ICM rejects, IP fragments and such stuff) were the replies from hosts on
the internet receiving that traffic and sending replies back via the
ampr-gw.
I think that is not a legitimate use but an attack group that spoofs sender
addresses when sending their attacks and they use net-44 addresses as well.
To have that go down, more ISPs should implement BCP38 (source address filtering).
Unfortunately, there is little incentive for ISPs to do that, because it benefits
only others and not themselves.
Rob