How about we use an IP option indicating "spoofing (not) allowed",
similar to "no fragmentation", and require that the spoofer conform to
it, will that make sense? (This then will not require user's knowledge
but the application writers'...)

Mingyan

On Wed, 10 Jan 2001, Fred Baker wrote:
> At 05:51 PM 1/9/01 -0500, Mingyan Liu wrote:
> >it be left to the application/user to decide
> >whether they would rather use the spoofer and be exposed to higher failure
> >probability, or just play safe and bypass the spoofer (assume that the use
> >of a spoofer is not mandatory)?
>
> In general, I would agree with that. Now tell me this: do you know that the
> spoofer is there? How do you evade it?
>
> The cases that come quickly to mind are transparent and non-transparent web
> caches, Packeteer-style QoS control boxes which fiddle with TCP headers,
> Arrowpoint-etc devices which front-end sets of web servers, and so on. I
> can get around the non-transparent caches (SQuID etc) readily enough, but I
> may not be able to get around the others, and may not even know they are there.
>
> In such cases, the statement above is a great sentiment, one I would
> wholeheartedly support, but doesn't seem very practical.
>
This archive was generated by hypermail 2b29 : Wed Jan 10 2001 - 11:56:06 EST