On Thu, 12 Sep 1996, John G. Scudder wrote:
Insofar as guys who "barely know what a TCP SYN is" are unlikely to twist the knobs, defaulting filtering to "block spoofed addresses" seems like the best and maybe only way to get them to do it.
If we can get config instructions for all the popular NAS boxes like Ascend, Livingston, USR etc. posted to a web page somewher then we can get the word out to a lot of ISP's via the 7 or 8 ISP mailing lists, Boardwatch magazine and USENET. But for the benefit of those maginally clueful people out there we need to have some fairly explicit instructions.
Don't forget Linux and the various BSD stuff. Quite a few people run modems with these as terminal servers. Certainly this would be trivial in Linux, from experience. It would probably be advisable to be able to disable this on a per i/f basis as there are a few people who intentionally have locally assymetric routing (pile of Maxen with 2 routers for redundancy and load-sharing for instance) but could still work with spoofed source IP address filtering on the modem ends. Alex Bligh Xara Networks