30 May
2005
30 May
'05
12:53 p.m.
On Mon, May 30, 2005 at 09:55:39AM +0200, Marc SCHAEFER wrote:
On Fri, May 27, 2005 at 09:31:32PM +0200, Simon Leinen
wrote:
amazing to still see this in 2005!
is there valuable argument from these ISP or is it
ignorance / badly designed networks??
on the leaf interfaces of the ISP routing topology:
(cisco)
ip verify unicast reverse-path
(linux)
echo 1 > /proc/sys/net/ipv4/conf/ethN/rp_filter
there is still this good paper from cisco, it's a bit
dated but probably mean no real valuable features was added
in IOS since 2001:
http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip
bye.
--
Philippe Strauss
av. de Beaulieu 25
1004 Lausanne
I can spoof packets from my home broadband
connection (and probably
the 299'999 other broadband customers of that Swiss ISP can do so as
well :-). Hopefully other Swiss ISPs do this better.
sunrise freesurf used to allow this also, didn't try for some time.
(it even let source address be in the private address space)