On Tue, 11 Mar 2003, Peter Galbavy wrote:
If all routes in the routing table are good (which soBGP and S-BGP can do for you) and routers filter based on the contents of the routing table, hosts will not see any bogon packets except locally generated ones so they shouldn't have bogon filters of their own.
I believe you are confusing authentication with authorisation.
I don't think I am.
Having authentic routes does not imply that all the traffic will be 'correct'. Various networks will always fail to filter customer traffic at ingress etc. and then source address spoofing becomes trivial.
I don't see your point. Packets with bogon sources are just one class of spoofed packets. As I've explained earlier S-BGP or soBGP with uRPF will get rid of bogons. Neither this or bogon filters on the host will do anything against non-bogon spoofed packets.