From: "Geo." 

Lets say I'm at 216.144.26.35, how are you going to stop me from spoofing
at 216.144.26.40 or .253? Are ISP's now supposed to add in filters to
customer routers or are we expected to have such large routers of our own
that we can have acl's with thousands of entries?

I absolutely refuse to block netbios traffic as I happen to USE netbios to
do things like remote backups etc..

The net send problem is a problem that end users have to deal with, it's no
different than a port 25 relay email.

If you don't like popup spams, then turn the messenger service off or
secure it just like you had to do with relay... It's really simple to
secure a W2K machine, just turn null sessions off and make sure the guest
account is disabled.

Geo.

"Mike Nice"  wrote in message
news:k0unru8dro6a67kllasafiuinffd17a35l{at}4ax.com...
> On Sat, 26 Oct 2002 17:35:40 -0400, "Geo."
 wrote:
>
> >Use a firewall, it will log where the connect attempts on ports 135, 137,
> >139, and 445 are coming from. They come from all over the net.
>
>    Since Net Send Spam uses UDP, the tools almost certainly forge the
source IP, making it useless.
> All the more reason for every border router to prohibit source network
spoofing.  AT&T is starting
> to do this for all their downstream connections now.

--- BBBS/NT v4.01 Flag-4