Havard.Eidnes@runit.sintef.no writes...
It would prevent simple spoofing, yes, but that would not eliminate the Smurf attacks since to mount a Smurf attack you need to use the victim's address as your source address, and that one *is* typically "valid" according to the criteria you mention above (?).
But the first router the spoofer hits would NOT likely point the spoofed address back to the spoofer. At that router this would stop the spoof. This is why the feature needs to be shipped on all routers and enabled by default. -- Phil Howard | no1way99@no5place.edu ads3suck@no8where.edu stop5it0@dumbads2.edu phil | blow0me8@dumb6ads.org ads4suck@noplace3.org stop3ads@noplace0.net at | die1spam@lame8ads.com end4it12@anyplace.net stop9597@spammer8.net milepost | stop5ads@no0place.org end7it69@anyplace.edu a8b3c9d6@dumbads2.com dot | die4spam@lame1ads.net stop6it2@no6where.com suck3it1@spam2mer.org com | stop9915@spam6mer.net stop1it8@nowhere2.org stop0ads@anywhere.net