23 Jun
2003
23 Jun
'03
5:55 p.m.
jbates@brightok.net (Jack Bates) writes:
There is another fix for it. If neither provider allowed spoofing, then the individual couldn't send spoofed packets out one way and allow the syn/ack back via the other. Of course, there are better reasons for spoof protection ingress/egress than a little port 25 traffic.
until the larger isp's start writing BCP38 conformance into both their peering agreements AND their customer agreements, we're not going to see any improvements in source address authenticity. see also ICANN SAC004 (http://www.icann.org/committees/security/sac004.txt). -- Paul Vixie