On Mon, May 30, 2005 at 09:55:39AM +0200, Marc SCHAEFER wrote:
On Fri, May 27, 2005 at 09:31:32PM +0200, Simon Leinen wrote:
I can spoof packets from my home broadband connection (and probably the 299'999 other broadband customers of that Swiss ISP can do so as well :-). Hopefully other Swiss ISPs do this better.
sunrise freesurf used to allow this also, didn't try for some time.
(it even let source address be in the private address space)
amazing to still see this in 2005! is there valuable argument from these ISP or is it ignorance / badly designed networks??
on the leaf interfaces of the ISP routing topology:
(cisco) ip verify unicast reverse-path
(linux) echo 1 > /proc/sys/net/ipv4/conf/ethN/rp_filter
there is still this good paper from cisco, it's a bit dated but probably mean no real valuable features was added in IOS since 2001:
http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip
bye.