Nope. As previously established, there are ISPs out there using RFC1918 networks in their infrastructure. Also, egress filtering is NOT easy, so even those ISPs doing it may not be able to do it universally. Plus, lots of attacks these days are mixing spoofed and legit traffic, or doing limited spoofing (i.e. picking random addresses on the LAN where they originate to make it past filters). Kelly J. On Tue, 8 Oct 2002, Iljitsch van Beijnum wrote:
On Tue, 8 Oct 2002, Chris Wedgwood wrote:
FWIW, almost nobody filters rfc1918 packets outbound and a good percentage of ISP customers bleed these something terrible
Actually, that's a good thing. This makes it trivial to detect which peers aren't doing egress filtering. If people just filtered RFC 1918 space, everything would just look better, but the underlying problem wouldn't be solved: it would still be possible to launch very hard to trace or stop denial of service attacks from those networks.