North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: dsl providers that will route /24
> Every packet with a source address that's not assigned to the customer > who it is arriving from *IS* a spoofed packet, regardless of *why* it > has an errant address. They must all be filtered regardless of content > or purpose! The sooner your customers realise their configuration > errors, the better (and the happier they'll be!). > Greg A. Woods That definition, if you really mean it, would make nearly every packet on the Internet spoofed. Sooner or later, pretty much every packet winds up coming into a router with a source not assigned to the customer on the other end of that link. I prefer a much more useful definition of "spoofed". A packet is said to be spoofed if it is introduced onto the Internet and originated on a machine whose administration has not been assigned that IP address for use on the Internet. I can cite you several sources that support my definition. But I don't think you really believed what you said anyway. I'd love to hear your explanation of why a unidirectional VPN is a configuration error. DS
|