ISPs are asked to block yet another port

• Previous message (by thread): ISPs are asked to block yet another port
• Next message (by thread): ISPs are asked to block yet another port
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

jbates at brightok.net (Jack Bates) writes:

> There is another fix for it. If neither provider allowed spoofing, then 
> the individual couldn't send spoofed packets out one way and allow the 
> syn/ack back via the other. Of course, there are better reasons for 
> spoof protection ingress/egress than a little port 25 traffic.

until the larger isp's start writing BCP38 conformance into both their
peering agreements AND their customer agreements, we're not going to see
any improvements in source address authenticity.  see also ICANN SAC004
(http://www.icann.org/committees/security/sac004.txt).
-- 
Paul Vixie

• Previous message (by thread): ISPs are asked to block yet another port
• Next message (by thread): ISPs are asked to block yet another port
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]