In the same document:
Also, while ingress filtering drastically reduces the
success of source address spoofing, it does not preclude an
attacker using a forged source address of another host
within the permitted prefix filter range.
I.e. a single compromised host in the "permitted prefix filter range"
can cause as much trouble as the current attacks. Granted, it's a bit
easier to track down a host like this, but eliminating the majority of
compromisable hosts is even more difficult than global implementation of
the cited document. The bitter irony is that non-implementation of this
draft will most probably corelate with presence of compromisable hosts.
Thus host-(and firewall-)based solutions are at least as important as
the ingress filtering.
As of the evidence of these attacks - they were evident long before the
Paul Ferguson writes: