i think that the better fix for the spoofing scare was to filter
at the edges of your network for your own source addresses so that
no one could send to your networks with a source address of your
networks. i don't believe that this will disable lsrr. we're now
completing the cycle and suggesting that we should also prevent folks
from sourcing packets in their networks destined to flow the
opposite direction with anything other than the real source
addresses in their networks.
i haven't thought about it much, but i'm sure that someone here
would know, could you use lsrr to launch the predictive-seq-#-
spoofing attack?
Jeff Young
young@mci.net