> You know if anyone was of a mind to find someone at fault over this, > I'd start pointing the finger at ISP's who haven't been doing this > due to "performance reasons". They've had the ability to do it for > years and in doing so would seriously reduce the number and possibility > of "spoofing" attacks. Agreed, I myself work for an ISP which provides co-location services, and at first most admins (with years of experience might i add), just don't cared much about what's going out. When I got them all to filter outgoing packets, traffic dropped. A solution would be for kernels to provide an option to keep a local IP lookup table which could be simply based on network interfaces; of course, given an stable implementation, this option enabled by default would take care of spoofing problems for admins who don't think much about what they're sending out -- i mean, they're big part of the problem.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:34:46 PDT