[ On Wednesday, July 28, 1999 at 11:21:35 (-0400), Daniel Senie wrote: ]
Subject: Re: SYN spoofing
I suspect most deployed routers do at least some filtering of packets on most or all interefaces. In the past, some routers couldn't do these lookups efficiently on source addresses, but that's really an implementation issue. It's *possible* to design hardware that can handle it, if there's a business case for doing so. ISPs should be interested in doing such filtering.
In fact it's easy to buy off-the-shelf hardware today that can do wire-speed filtering, assuming one has worked such costs into the budget of building a network backbone.... -- Greg A. Woods +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>