On Thu, 2 Nov 2000, Ryan Tucker wrote:
term.With RFC 2827 in hand, use egress filters to make sure that your networks don't permit packets with spoofed source addresses from entering the Internet.If you have customers, as many (most? all?) of us do, use ingress filters to make sure that spoofed packets don't even enter your network.
Oh, Ryan, on this subject specifically, the downstream providers should not count on the upstream to check if they send spoofed packets to them, and they should also filter them on egress. If all ISPs took care of this (and it ain't that hard to configure), this could make life for NSPs alot easier. We should balance responsibility among clients and providers, and not just pin it all on the NSPs. The game is cooperation..... --Ariel
-- Ryan Tucker <rtucker@netacc.net> Network Operations Manager NetAccess, Inc. Phone: +1 716 419-8200 1159 Pittsford-Victor Road, Pittsford NY 14534 http://www.netacc.net/ "Wouldn't you rather help make history than watch it on TV?" - Jello Biafra
-- Ariel Biener e-mail: ariel@post.tau.ac.il Work phone: 03-6406086 fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC