Re: Internet SYN Flooding, spoofing attacks

2000-02-14 17:00:02
Robert Elz wrote:

                                            There's no good purpose
in sending packets with incorrect source addresses I can think of, and
stopping the practice is the basic intent of the filters.

Mobile IP would like to send out packets with the mobile node's
home address, while it is attached to a network in a foreign
domain.  The home address is likely to look "incorrect" from
the standpoint of such a filter.

Plus I don't think the gain is worth the pain.  I'd rather see
a technology that actually solves the problem instead of swatting
at gnats with a sledge hammer.

What if routers could preferentially keep track of things like SYN
packets and so on for a few seconds, and we had some traceback management
software and security associations with our neighbors enough to do
some automatic detection?

It might cost 2% more for the memory buffers, geez I don't know.

Regards,
Charlie P.
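
The Mobile IP objection above, as an added example that is not part of the original message: a source-address ingress filter on the foreign network's edge router treats a visiting mobile node's home address exactly like a spoofed source. All prefixes, addresses and function names here are constructed for illustration.

```python
import ipaddress

# Constructed topology: the prefix assigned to the foreign network that the
# mobile node is currently attached to (documentation address space).
FOREIGN_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed packets arriving on the customer-facing interface of the
# foreign network's edge router.
PACKETS = [
    {"note": "local host", "src": "192.0.2.10", "dst": "203.0.113.5"},
    {"note": "spoofed source", "src": "198.51.100.77", "dst": "203.0.113.5"},
    {"note": "mobile node using home address", "src": "198.51.100.20",
     "dst": "203.0.113.5"},
]


def ingress_permits(src, allowed_prefixes):
    """Return True if src falls inside a prefix assigned to this interface."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in allowed_prefixes)


def filter_packets(packets, allowed_prefixes):
    """Split packets into (forwarded, dropped) by source address only."""
    forwarded, dropped = [], []
    for pkt in packets:
        if ingress_permits(pkt["src"], allowed_prefixes):
            forwarded.append(pkt)
        else:
            dropped.append(pkt)
    return forwarded, dropped


if __name__ == "__main__":
    forwarded, dropped = filter_packets(PACKETS, FOREIGN_PREFIXES)
    for pkt in forwarded:
        print("forward", pkt["src"], "-", pkt["note"])
    for pkt in dropped:
        # The filter sees only the source address, so the mobile node's
        # home address is dropped for the same reason as the spoofed one.
        print("drop   ", pkt["src"], "-", pkt["note"])
```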