>> Yes. Also badly misconfigured networking on your ISP's end.

> Is it really that way?

Well, that's my understanding - and I say that as someone who works at
a (smallish) ISP.

> I mean, a client forms a request NTP packet, and puts it into a UDP
> packet with my IP as the destination and his IP address as where he
> wants to get the response back. A metric buttload of routers between
> him and me pass this packet on to me. My ntpd sees the request and
> replies back to the address he put in the UDP packet.

Right.

> Is it really the responsibility of the network layer to check the
> "from" address and see it's nonsensical?

Not so much that it's nonsensical as forged: the other host is emitting
packets with from-addresses that aren't its own. If I've been
allocated, say, 100.200.30.40/29, I should not be emitting packets with
ip_src values not in that /29, and (my understanding of) best practice
is that my upstream should enforce this. RFC1918-private addresses are
just a special (and especially glaring) case of this.

/~\ The ASCII                     der Mouse
\ / Ribbon Campaign
 X  Against HTML           [EMAIL PROTECTED]
/ \ Email!       7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
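The upstream check described in the message above (accept a packet from a customer port only if its ip_src lies inside that customer's allocation), as an added example that is not part of the original post. Only the /29 comes from the message; the port names, the second prefix and the sample packets are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: never a legitimate source on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical customer table: ingress port -> prefixes allocated to it.
ALLOCATIONS = {
    "cust-a": [ipaddress.ip_network("100.200.30.40/29")],  # from the message
    "cust-b": [ipaddress.ip_network("198.51.100.0/24")],   # constructed
}

def check_source(port, ip_src):
    """Return (verdict, reason) for a packet arriving on a customer port."""
    try:
        src = ipaddress.ip_address(ip_src)
    except ValueError:
        return ("drop", "unparseable source")
    allowed = ALLOCATIONS.get(port)
    if allowed is None:
        return ("drop", "unknown port")
    if any(src in net for net in allowed):
        return ("permit", "source inside allocation")
    # Everything below is a source the customer was never given.
    if any(src in net for net in RFC1918):
        return ("drop", "RFC1918 source")
    return ("drop", "source outside allocation (forged)")

def audit(packets):
    """Apply the filter to (port, ip_src) pairs; return the dropped ones."""
    dropped = []
    for port, ip_src in packets:
        verdict, reason = check_source(port, ip_src)
        if verdict == "drop":
            dropped.append((port, ip_src, reason))
    return dropped

# Constructed sample traffic.
SAMPLE = [
    ("cust-a", "100.200.30.42"),  # inside the /29
    ("cust-a", "100.200.30.48"),  # first address past the /29
    ("cust-a", "192.168.1.10"),   # private address leaking upstream
    ("cust-a", "198.51.100.7"),   # another customer's address
    ("cust-b", "198.51.100.7"),   # same address, from its real owner
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

The same source address is permitted on one port and dropped on another, which is why this check has to sit at the customer edge rather than further along the path.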
