> Since a spoofer can construct any packet they like, and NOT include > any authentication data, a bit in the source address seems to be the > only way for a receiver who cares, to know whether to drop it (because > auth data is missing) or accept it (because it's a legacy insecure > address).
yes, but an MitM can lie about the source address also, or launder packets between the the real source and destination. the source address is not much more reliably associated with the source than any other information that might be in a packet. -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
