On Mon, 9 Sep 1996, Perry E. Metzger wrote:
I think its time for the larger providers to start filtering packets coming from customers so that they only accept packets with the customer's network number on it.
Yes, its a load on routers. Yes, its nasty for the mobile IP weenies. Unfortunately, the only known way to stop this.
On my private network I can send 600 or more SYN packets to my telnet port (w/faked, unreachable source addresses + random seq numbers), yet the port doesn't seem to be flooded. It's a linux box. The telnet daemon seems to be able to tell the difference between a faked packet and a real one. Even when spoofing from localhost, it reports a connection from unknown. Obviously, there seems to be a solution to this problem. ?? -- Billy Biggs Ottawa, Canada