Preventing forged packets from customers
-
you know what IP addresses are used (at least for dialup and
statically routed customers)
-
make a filter for each customer that denies other source
addresses
-
very recent cisco code has “ip verify
source-address”