To drop spoofed packets can you just implement "ip verify unicast rpf" on border routers instead of creating a whole bunch of spoofing ACL's? Or should you put both?
Regards ------------------------------------------------------------------- SurfControl E-mail Filter puts the brakes on spam, viruses and malicious code. Safeguard your business critical communications. Download a free 30-day trial: http://www.surfcontrol.com/go/zsfsbl1