I have received complaints from people about NOT being able to spoof packets.
<moronicy> Technical Support: "This is CompanyX, how can I help you?" 31337kiddi0t: "wHy c0m3 3ye c4nt sp0of?!$!*@" </moronicy> With all of the different standards which tend to add confusion, too much time seems to be going to waste drafting them while networks and businesses suffer from what's currently in place. From my perspective if someone mentioned this to me via complaints their account would be cancelled immediately since there is no benefit to sending out spoofed packets. "But it's a pen test audit!" Even in situations where a security admin needed to test certain elements an aware admin would find a way to get around doing what they had to do. Blocking elements such as SMTP do have its place and I'm sure most know this is not the "definitive" solution nothing more than patch work but it still has its advantages. The same way spammers can adapt, so should an engineer be able to for those who would like to contest the notion that one would be making "smarter idiots" who send spam and create malice. I've been digging more into RFC's in hopes of learning more from a technical perspective for my own sake and to date, all I've seen is more of less patchwork. Instead of reinventing the wheel as the old saying goes, sometimes a patch can get you moving on a flat tire. Sure it is a temporary solution, but it is a solution. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x51F9D78D Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D sil @ politrix . org http://www.politrix.org sil @ infiltrated . net http://www.infiltrated.net "There is no greater mistake than the hasty conclusion that opinions are worthless because they are badly argued." -- T.H. Huxley