22 Feb
2001
22 Feb
'01
6:49 p.m.
Note that the proposition, "Providers should filter RFC1918-sourced packets at the periphery" is a subset of the proposition, "Providers should filter at the periphery packets with source addresses not explicitly authorized by the provider." I subscribe to the second proposition, and hence implicitly to the former. The problem is not the stray RFC1918-sourced packet here or there. The problem is that the de facto standard is that you can inject packets with arbitrary source addresses into the Internet from anywhere. The number of attacks that use spoofed source addresses is reason enough to change this. But I'm not holding my breath. Jim Shankland