Home page logo
/

nanog logo nanog mailing list archives

Re: ISPs are asked to block yet another port
From: Paul Vixie <vixie () vix com>
Date: 23 Jun 2003 21:55:16 +0000


jbates () brightok net (Jack Bates) writes:

There is another fix for it. If neither provider allowed spoofing, then 
the individual couldn't send spoofed packets out one way and allow the 
syn/ack back via the other. Of course, there are better reasons for 
spoof protection ingress/egress than a little port 25 traffic.

until the larger isp's start writing BCP38 conformance into both their
peering agreements AND their customer agreements, we're not going to see
any improvements in source address authenticity.  see also ICANN SAC004
(http://www.icann.org/committees/security/sac004.txt).
-- 
Paul Vixie


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault