This report intends to provide a current view of ingress/egress filtering and susceptibility to IP source packet forging (spoofing) on a given network.
This report is currently based on the CAIDA (Center for Applied Internet Data Analysis) Spoofer project. The CAIDA Spoofer project periodically tests a network’s ability to both send and receive packets with forged source IP addresses (spoofed packets) in support of reporting on best current practice source address validation – BCP38.
The methodology behind the Spoofer project results in a CAIDA initiated test for spoofing in the form of probed packets sent to test the ability of a given IPv4 or IPv6 address / node to send/receive spoofed packets. Each node in the below report has been identified as having sent or received spoofed packets. Each is mapped to a CIDR and autonomous system i.e. different Internet service providers.
While the data in this report is the most comprehensive of its type we are aware of, it is still an ongoing, incomplete project. The data here is representative only of the netblocks, addresses and autonomous systems (ASes) of clients from which we received reports on a daily basis (ie. participating in the CAIDA project).
Feedback, comments and bug fixes are always welcome both to Shadowserver and to CAIDA (by contacting firstname.lastname@example.org). This also includes the option of direct participation in the project through the downloading of client testing software to automatically contribute a report to the CAIDA database. For more details on direct participation as well as other questions, please see the CAIDA Spoofer project FAQ.