On Sun, Aug 31, 2003 at 02:34:28PM -0700, owen@delong.com said: [snip]
> What you are saying works only so long as none of your edge connections represent a significant portion of the internet. How do you anti-spoof, for example, a peering link with SPRINT or UUNET? It's not realistic to think that you know which addresses could or could not legitimately come from them.

Another poster wrote that the spoofed traffic he was seeing was coming from 0.0.0.4 - 40.0.0.0 in .4 increments ... simple bogon filtering would get rid of a good chunk of that space. Granted, it's a small subset of anti-spoof filtering, but there are still networks out there that don't even make _that_ best effort.

If folks would simply make the best effort they could, given their situation, the Internet as a whole would be a dramatically nicer place. That best effort will vary greatly by situation, but even a partial attempt is better than none at all.

--
Scott Francis || darkuncle (at) darkuncle (dot) net
illum oportet crescere me autem minui