Internal "spoofing" is also due to the fact that many people simply
make up a network number for labs and such, not realizing that this
prevents Internet access to the particular network in question.
The solution to this is either central administration of private
IP networks (a la RFC 1918), or router policies that don't allow
the propagation of such network numbers beyond the boundaries of
the labs.
Another possibility is internal firewalling of "unauthorized" traffic.
I've had to use all of these methods, depending on the situation.
BobK
|
|
