North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ISPs are asked to block yet another port
[email protected] (Jack Bates) writes: > There is another fix for it. If neither provider allowed spoofing, then > the individual couldn't send spoofed packets out one way and allow the > syn/ack back via the other. Of course, there are better reasons for > spoof protection ingress/egress than a little port 25 traffic. until the larger isp's start writing BCP38 conformance into both their peering agreements AND their customer agreements, we're not going to see any improvements in source address authenticity. see also ICANN SAC004 (http://www.icann.org/committees/security/sac004.txt). -- Paul Vixie
|