Well, my personal opinion is that it's a waste of time given that any packet filtering forwarder fixes this problem trivially, and randomizing the ISS properly solves the actuall problem. If someone wants to throw time and effort into doing it, I have no objection, as long as they don't mess up the kernel. From: Aleph One <aleph1@dfw.net> Subject: Re: Router filtering not enough! (Was: Re: CERT advisory ) On Thu, 26 Jan 1995, Paul Traina wrote: > > How hard would it be to modify tcpwraper (for example) to check the > > incomming MAC address on a connection and to be worried if it came from a > > list of routers but the address was the local net? > > This breaks people who might have their netmasks set incorrectly on the loc >>al > net. > Is this bad? dont think so if it breaks it you will notice and be able to fix it. a1 http://underground.org