On Mon, May 30, 2005 at 09:55:39AM +0200, Marc SCHAEFER wrote:
> On Fri, May 27, 2005 at 09:31:32PM +0200, Simon Leinen wrote:
> > I can spoof packets from my home broadband connection (and probably
> > the 299'999 other broadband customers of that Swiss ISP can do so as
> > well :-).  Hopefully other Swiss ISPs do this better.
> 
> sunrise freesurf used to allow this also, didn't try for some time.
> 
> (it even let source address be in the private address space)

Amazing to still see this in 2005!
Is there a valuable argument from these ISPs, or is it
ignorance / badly designed networks??

on the leaf interfaces of the ISP routing topology:

(cisco)
ip verify unicast reverse-path

(linux)
echo 1 > /proc/sys/net/ipv4/conf/ethN/rp_filter

There is still this good paper from Cisco; it's a bit
dated, but that probably means no real valuable features were added
in IOS since 2001:

http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip


bye.

-- 
Philippe Strauss
av. de Beaulieu 25
1004 Lausanne
_______________________________________________
swinog mailing list
swinog@lists.swinog.ch
http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
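
Added example, not part of the original message: a shell audit of the Linux rp_filter setting mentioned above, reporting which interfaces actually enforce strict reverse-path filtering. It assumes the behaviour documented for current kernels (the effective mode is the higher of conf/all and the per-interface value; 0 = off, 1 = strict, 2 = loose); the function names are hypothetical.

```shell
#!/bin/sh
# Audit reverse-path filtering per interface (added example).
# Assumption: effective mode = max(conf/all/rp_filter, conf/<if>/rp_filter),
# with 0 = no source validation, 1 = strict, 2 = loose.
# Usage: audit_rp_filter      (no argument: reads /proc/sys/net/ipv4/conf)

# effective_rp_filter CONF_DIR IFACE -> prints the mode the kernel applies
effective_rp_filter() {
    conf_dir=$1; iface=$2
    all=$(cat "$conf_dir/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$conf_dir/$iface/rp_filter" 2>/dev/null || echo 0)
    all=${all:-0}; own=${own:-0}
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# audit_rp_filter [CONF_DIR] -> one line per interface;
# returns 1 if any interface is not in strict mode.
audit_rp_filter() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    rc=0
    for d in "$conf_dir"/*/; do
        [ -d "$d" ] || continue
        iface=$(basename "$d")
        # "all" and "default" are templates, not interfaces; skip loopback
        case $iface in all|default|lo) continue ;; esac
        mode=$(effective_rp_filter "$conf_dir" "$iface")
        case $mode in
            1) echo "$iface strict" ;;
            2) echo "$iface loose"; rc=1 ;;   # any route back is accepted
            *) echo "$iface off";   rc=1 ;;   # spoofed sources pass
        esac
    done
    return $rc
}
```

Loose mode only checks that some route to the source exists, so on a single-homed customer-facing interface it does not stop a customer from using another customer's address; strict mode is the equivalent of the interface-level setting shown in the message.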
