address spoofing

Dan Hollis goemon at
Sat Apr 24 01:20:37 UTC 1999

On Fri, 23 Apr 1999, Randy Bush wrote:
> huh?  for packet filtering, which is what we've been discussing, my
> experience is quite the opposite.  one can't really afford packet
> filters on routers with oc12s.  and in a multi-path universe, filtering
> for source address spoofing is best done at the edges anyway.

Wonder if its too much to ask the backbones to do sanity checks on their
customers T1 lines etc. Eg they arent smurf amplifiers, they have spoof
filters, yadda yadda.

If this happened perhaps the rate of DoS attacks would go down


More information about the NANOG mailing list