[36201] in North American Network Operators' Group
RE: dsl providers that will route /24
daemon@ATHENA.MIT.EDU (David Schwartz)
Thu Mar 29 23:01:59 2001
From: "David Schwartz" <davids@webmaster.com>
To: <nanog@nanog.org>
Date: Thu, 29 Mar 2001 19:55:05 -0800
Message-ID: <NCBBLIEPOCNJOAEKBEAKAEJHOBAA.davids@webmaster.com>
In-Reply-To: <20010330031454.8D0BC90@proven.weird.com>

> Every packet with a source address that's not assigned to the customer
> who it is arriving from *IS* a spoofed packet, regardless of *why* it
> has an errant address. They must all be filtered regardless of content
> or purpose! The sooner your customers realise their configuration
> errors, the better (and the happier they'll be!).
> Greg A. Woods

That definition, if you really mean it, would make nearly every packet on
the Internet spoofed. Sooner or later, pretty much every packet winds up
coming into a router with a source not assigned to the customer on the other
end of that link.

I prefer a much more useful definition of "spoofed". A packet is said to be
spoofed if it is introduced onto the Internet and originated on a machine
whose administration has not been assigned that IP address for use on the
Internet.

I can cite you several sources that support my definition. But I don't
think you really believed what you said anyway.

I'd love to hear your explanation of why a unidirectional VPN is a
configuration error.

DS
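
Added example, not part of either message in this thread: a small Python model that applies the two definitions of "spoofed" argued above to the same constructed packets, to show where they agree and where they diverge. The prefixes (RFC 5737 documentation ranges), link names, and the `origin_admin` ground-truth field are assumptions made for illustration; a real router sees only the arrival link and the source address, and the third sample is only one possible reading of the VPN case.

```python
import ipaddress
from dataclasses import dataclass

# Constructed data, not from the thread. Administration -> prefixes assigned
# to it for use on the Internet (by any provider).
ASSIGNED = {
    "cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/24")],
}
# Link -> prefixes this router's operator assigned to the neighbor on that link.
LINK_PREFIXES = {
    "dsl-to-cust-a": [ipaddress.ip_network("192.0.2.0/24")],
    "dsl-to-cust-b": [],  # cust-b holds a /24 assigned through someone else
    "transit-peer": [],   # a peer forwards traffic sourced all over the Internet
}

@dataclass
class Packet:
    src: str
    origin_admin: str  # ground truth; known only inside this model
    link: str          # link the packet arrives on

def per_link_spoofed(p: Packet) -> bool:
    """Quoted rule read literally: source not assigned to the neighbor on this link."""
    src = ipaddress.ip_address(p.src)
    return not any(src in net for net in LINK_PREFIXES[p.link])

def origin_spoofed(p: Packet) -> bool:
    """Reply's definition: the originating administration was not assigned the source."""
    src = ipaddress.ip_address(p.src)
    return not any(src in net for net in ASSIGNED.get(p.origin_admin, []))

def classify(packets):
    return [(p.src, p.link, per_link_spoofed(p), origin_spoofed(p)) for p in packets]

SAMPLES = [
    Packet("192.0.2.10", "cust-a", "dsl-to-cust-a"),    # ordinary customer-edge traffic
    Packet("192.0.2.10", "cust-a", "transit-peer"),     # the same packet one hop later
    Packet("198.51.100.7", "cust-b", "dsl-to-cust-b"),  # address assigned elsewhere (assumed VPN-style case)
    Packet("203.0.113.5", "cust-a", "dsl-to-cust-a"),   # source that cust-a was never assigned
]

if __name__ == "__main__":
    for src, link, by_link, by_origin in classify(SAMPLES):
        print(f"{src:14} {link:14} per-link={by_link!s:5} origin={by_origin}")
```

The two definitions agree on the first and last samples and disagree on the middle two, which are the transit hop and the address assigned through another provider.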