>> (...) ISPs to stop forged packets at their network edge.  There's no
>> reason they should be dumping packets with return addresses outside
>> their network onto the internet.

As true as the basic conclusion is, this justification is false, as
pointed out by

> It makes the life of people that have two Internet connections (but
> no PI IP space / BGP feed) far easier, and allows better load
> balancing :)

True.

But, as true as that is, it also makes forged-source attacks possible.

On the net we had back in the '80s and very early '90s, this might not
have outweighed the multihoming value.  Now, I would say, it does (by
far, by very very far).

Also, it doesn't break such multihoming entirely.  With the cooperation
of the outbound providers in question, private multihoming is still
possible; the providers just need to poke holes in their filters for
the relevant traffic.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                [email protected]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
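
The egress filter with per-customer holes described in the message above, as an added example that is not part of the original post. The port names, the tables and the prefixes (RFC 5737 documentation ranges) are constructed assumptions.

```python
import ipaddress

# Constructed sample data: prefixes this provider assigned to each customer port.
CUSTOMER_PREFIXES = {
    "cust-a": ["192.0.2.0/25"],
    "cust-b": ["192.0.2.128/25"],
}

# Holes poked for privately multihomed customers: prefixes assigned by the
# customer's *other* provider, accepted only on that customer's port.
MULTIHOME_EXCEPTIONS = {
    "cust-b": ["198.51.100.0/28"],
}


def _matches(table, port, addr):
    """True if addr falls inside any prefix listed for this port."""
    return any(addr in ipaddress.ip_network(p) for p in table.get(port, []))


def egress_verdict(port, src):
    """Decide what the edge does with a packet arriving from a customer port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"  # unparseable source address
    if _matches(CUSTOMER_PREFIXES, port, addr):
        return "forward"  # source belongs to this customer
    if _matches(MULTIHOME_EXCEPTIONS, port, addr):
        return "forward-exception"  # agreed multihoming hole
    return "drop"  # source is outside the customer's space: treat as forged


def summarize(packets):
    """Count verdicts over (port, source) pairs, e.g. for filter-hit reporting."""
    counts = {"forward": 0, "forward-exception": 0, "drop": 0}
    for port, src in packets:
        counts[egress_verdict(port, src)] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample traffic.
    sample = [
        ("cust-a", "192.0.2.10"),    # own address
        ("cust-a", "198.51.100.5"),  # other provider's space, no hole on this port
        ("cust-b", "198.51.100.5"),  # same source, but cust-b has an agreed hole
        ("cust-b", "203.0.113.9"),   # unrelated source
    ]
    print(summarize(sample))
```

The exception is keyed on the customer port, so a hole opened for one multihomed customer does not let any other customer send packets with that source range.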