On Thu, Mar 28, 2013 at 12:27 PM, Jay Ashworth <[email protected]> wrote:
> ----- Original Message ----- >> From: "William Herrin" <[email protected]> > >> So, you represent to your ISP that you're authorized to use a certain >> range of addresses. He represents to his upstream that he's authorized >> to use them on your behalf, and so on. > > The former is a first-hand transaction: if you're lying to your edge > carrier, he can cut you off with no collateral damage. > Of course, he has to notice it first. :-) ObOpinion: It's best to *enforce* a policy which disallows a downstream network from sourcing spoofed packets -- and the closer to the "edge" you are, the better, Hierarchy is great for that. :-) I guess the next best thing is "Trust but verify"? - ferg -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com
