On Thu, Sep 2, 2010 at 11:04 PM, Daniel Senie <d...@senie.com> wrote: > Ingress filtering is the correct tool for the job.
Not really. Ingress filtering only ever protected you from being the source of spooding attacks, not the destination. The point of Zhiyun's results is that it doesn't fully protect you from being the source either. Frankly, Zhiyun offers the first truly rational case I've personally seen for packet filtering based on the TCP source port. You should give his work more careful scrutiny. Regards, Bill Herrin -- William D. Herrin ................ her...@dirtside.comĀ b...@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
