Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISPs are asked to block yet another port

  • From: Paul Vixie
  • Date: Mon Jun 23 17:57:03 2003

jbates@brightok.net (Jack Bates) writes:

> There is another fix for it. If neither provider allowed spoofing, then 
> the individual couldn't send spoofed packets out one way and allow the 
> syn/ack back via the other. Of course, there are better reasons for 
> spoof protection ingress/egress than a little port 25 traffic.

until the larger isp's start writing BCP38 conformance into both their
peering agreements AND their customer agreements, we're not going to see
any improvements in source address authenticity.  see also ICANN SAC004
(http://www.icann.org/committees/security/sac004.txt).
-- 
Paul Vixie




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.