On 25/05/2020 08:25, Andy Burns wrote:
> Ahem A Rivet's Shot wrote:
>
>> The Natural Philosopher wrote:
>>
>>> yes BUT your way involves spoofing internal source addresses on an
>>> external interface.
>>> In short a compromised ISP
>>
>> Network security should be based on the assumption that everything
>> you don't control is potentially hostile.
>
> So drop all spoofed packets arriving at the external interface.
I cant see why any NAT router wouldn't do that anyway.
--
“when things get difficult you just have to lie”
― Jean Claud Jüncker
--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
|