> You know if anyone was of a mind to find someone at fault over this,
> I'd start pointing the finger at ISP's who haven't been doing this
> due to "performance reasons". They've had the ability to do it for
> years and in doing so would seriously reduce the number and possibility
> of "spoofing" attacks.
Agreed, I myself work for an ISP which provides co-location services,
and at first most admins (with years of experience might i add), just
don't
cared much about what's going out. When I got them all to filter
outgoing
packets, traffic dropped.
A solution would be for kernels to provide an option to keep a local
IP lookup table which could be simply based on network interfaces; of
course, given an stable implementation, this option enabled by default
would take care of spoofing problems for admins who don't think much
about what they're sending out -- i mean, they're big part of the
problem.
