On Thu, Aug 29, 2002 at 05:47:10AM -0500, Daniel J. Rychlik wrote:
>
> If you use Iptables and you block spoofed addresses with Iptables,
> will that stop the spoofing in their tracks, therefore decreasing the
> chance of a DOS?

No. For example, let's say someone manages to spoof "mailout.aol.com" and then connects to you. You will now block all mail from AOL (hmm, perhaps that's a bad example :)

In other words, unless the source address is a reserved address or one of your local addresses, you really don't know if it's spoofed or not (barring some sort of cryptographic challenge, like IPSEC).

This is why all ISPs should apply filters at their ingress/egress points. Unfortunately, many do not.

--
Nathan Norman - Micromuse Ltd. mailto:email@example.com
  Whenever men attempt to suppress argument and free speech, we may be
  sure that they know their cause to be a bad one.
  -- R. G. Horton

I made up that host name; you get the idea.
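The distinction drawn in the reply above, as an added example that is not part of the original message: a source address seen on the external interface can be proven spoofed only when it is reserved or belongs to your own network; anything else is undecidable from the address alone. The local prefix, the sample addresses and the function name `classify_source` are assumptions made for illustration.

```python
import ipaddress

# Assumption: our own network, using a documentation range as a stand-in.
# Documentation ranges play the role of real public addresses in this
# example, so they are deliberately left out of RESERVED below.
LOCAL_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Ranges that can never be a legitimate source on an Internet-facing link.
RESERVED = {
    "0.0.0.0/8": "this-network",
    "10.0.0.0/8": "RFC 1918 private",
    "127.0.0.0/8": "loopback",
    "169.254.0.0/16": "link-local",
    "172.16.0.0/12": "RFC 1918 private",
    "192.168.0.0/16": "RFC 1918 private",
    "224.0.0.0/4": "multicast",
    "240.0.0.0/4": "reserved (class E)",
}
RESERVED_NETS = [(ipaddress.ip_network(n), why) for n, why in RESERVED.items()]


def classify_source(src, local_nets=LOCAL_NETS):
    """Classify a source address arriving on the EXTERNAL interface.

    Returns ("spoofed", reason) only when the address cannot be genuine;
    otherwise ("unknown", reason), because a forged but routable address
    looks identical to the real host it impersonates.
    """
    addr = ipaddress.ip_address(src)
    for net in local_nets:
        if addr in net:
            return ("spoofed", "own address arriving from outside")
    for net, why in RESERVED_NETS:
        if addr in net:
            return ("spoofed", why)
    return ("unknown", "routable address; cannot tell forged from genuine")


if __name__ == "__main__":
    # Constructed sample sources, not taken from any real capture.
    for src in ["10.1.2.3", "203.0.113.7", "127.0.0.1", "198.51.100.25"]:
        verdict, reason = classify_source(src)
        print(f"{src:15} {verdict:8} {reason}")
```

Blocking on the "unknown" class is what turns a filter into the denial of service described above, since the block lands on whichever legitimate host was impersonated.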