nanog mailing list archives

RE: dsl providers that will route /24


From: "David Schwartz" <davids () webmaster com>
Date: Thu, 29 Mar 2001 19:55:05 -0800



Every packet with a source address that's not assigned to the customer
who it is arriving from *IS* a spoofed packet, regardless of *why* it
has an errant address.  They must all be filtered regardless of content
or purpose!  The sooner your customers realise their configuration
errors, the better (and the happier they'll be!).

      Greg A. Woods

        That definition, if you really mean it, would make nearly every packet on
the Internet spoofed. Sooner or later, pretty much every packet winds up
coming into a router with a source not assigned to the customer on the other
end of that link.

        I prefer a much more useful definition of "spoofed". A packet is said to be
spoofed if it is introduced onto the Internet and originated on a machine
whose administration has not been assigned that IP address for use on the
Internet.

        I can cite you several sources that support my definition. But I don't
think you really believed what you said anyway.

        I'd love to hear your explanation of why a unidirectional VPN is a
configuration error.

        DS




