Off a comment Vix made in another thread this weekend, what is the current status, to the degree to which anyone knows and is permitted to say, of the deployment of RFC 3704, BCP 38, to block IP address spoofing at the ingress edge of large consumer eyeball networks? When the BCP was first release, as I recall it, much noise was made to suggest that it was cost-ineffective and impractical to deploy it because the current state of edge devices was such that it wasn't a simple knob-turn. Is that still true (or not, as I expect), and if common edge concentrators do now support easy filtering to drop packets with improper or invalid source addresses, is this being utilized in the wide area... and if not, why the hell not? Or are spoofed-source-address attacks not, as Vix suggests, significant and trending upwards? Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274