Thus spake "todd glassey" <todd.glassey@worldnet.att.net>
> Folks -
> Paul Vixie is dead on here but the real problem is not DNS, but rather the
> routing protocols that allow this type of address forgery to be propagated.

Please explain what routing protocol deficiency is responsible for ISPs not configuring anti-spoofing filters.

> This is the subtle difference here and the biggest criminal here is that
> even with a forged DNS service, the real issue is still Cisco and its
> brethren for forcing the propagation of routing standards that are
> insecurable and indefensible - the other bad-guy here is the IETF for not
> being more in control or forcing issues of security to be ingrained into
> their protocols that they have or are in the process of making as standards.

The IETF responds to its customers' demands. If ISPs wanted a securable and defensible routing system (and such a system were possible), we would have one.

> This is one of the greatest instances proving that the ICANN and the IETF
> themselves with their current management and format, are incompetent to
> build or enforce standards. If they had done their job properly and allowed
> external input or review of their efforts, then this never would have
> happened.

Last I checked, the IETF was an open standards body that allowed input from anyone. If you're unhappy with its products, you're free to write something better and submit it.

S