
Re: Internet SYN Flooding, spoofing attacks

2000-02-14 15:00:02
Robert Elz <kre(_at_)munnari(_dot_)OZ(_dot_)AU> wrote:
I'm not sure there is a good analogy there. There's no good purpose
in sending packets with incorrect source addresses I can think of, and
stopping the practice is the basic intent of the filters.

"In his early days at Intel, Andy Grove was approached by an employee who
suggested the company start work on a personal computer based on its chips.
Skeptical, he asked what a personal computer might do. The employee,
searching for a good example, said it could be used to store recipes. Grove
thought about the millions he'd have to spend on research, development, and
marketing, then considered the imperfect but steady quality of an
alphabetized loose-leaf binder. He finally passed on the idea and decided to
concentrate on the lucrative business of supplying chips for traffic
lights."

It is rarely very easy to see what requirements the future will bring, and
particularly in this business you can't be sure what the technology of
tomorrow demands. And, agreed, bogus source IPs _do_ at the present time
look like nothing but the devil's work. But in, say, 10 years a new flashy
technology could be requiring that you have the ability to stamp packets with
other IPs than your own. Unfortunately, back in year 2000, somebody put in
IP filters at all ISPs and now, 10 years after, these filters are so
integrated a part of the ISP software that reprogramming would cost a fortune.
Also consider the size of the group of Internet users that send out packets
with incorrect source IPs. Using IP filters would be like illegalizing
coffee because a fraction of the people on the earth is allergic to
caffeine.

- Anders Feder