On 2 Sep 99, at 13:56, Ryan Russell wrote:
> As a matter of course, firewall admins should implement anti-spoofing
> rules that block (source) addresses for their inside nets, any RFC1918
> addresses, and anything above 223.255.255.255 (minus anything they wish to
> explicitly allow for MBONE, routing protocols, etc..)
Also the "test network", 192.0.2.x, and the "link local" range 169.254.x.y.
It should not be possible to route packets back to these addresses, and so
it would be prudent not to accept anything claiming to originate from them.
David G
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
