In message <10071844.11080.1364348618832.JavaMail.root@benjamin.baylink.com>, J ay Ashworth writes:
----- Original Message -----
From: "Mark Andrews" <marka@isc.org>
If you are with a ISP that does not practice BCP 38 are you willing to risk your neck that you won't be subject to a "aiding and abetting" charge? All of us here know that spoofing address like this is a criminal activity. We are all experts in the field and the courts apply higher standards to us than they do to Joe Blogs. We know machines get compromised. We know how to block spoofed traffic from compromised machines.
Careful: source address spoofing, like using a name you don't have on your driver license *is not inherently a crime*. *Fraudulent behaviour which is advanced thereby* makes it an additional crime.
Which is why I said "like this" as this bundle of threads started with spoofing of DNS queries.
SAS is sometimes necessary for testing.
Indeed. Those are exceptions not the rule. How many residential connections would be doing SAS for testing, compared to configuration errors or as the result on criminal misappropriation of equipement. When both configuration errors and spoofed traffic as the result of criminal misappropriation of equipement both should be dropped what are the courts likely to find? Even with SAS for testing you can filter based on MAC / port / link so only designated machines can send spoofed traffic. I certainly don't want to be the subject of a test case. Mark
Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.co m Designer The Things I Think RFC 210 0 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DI I St Petersburg FL USA #natog +1 727 647 127 4
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org