Hi,
I am currently receiving around 180 UDP spam packets per day coming from
24.64.x.x sending to ports 1026 - 1028. This has been going on for over 1 month now. When I contacted Shaw Communications, Canada about them their response was that the packets were most likely spoofed and then ignored them. This got me thinking about how spoofed packets are propagated.
I would expect that packets with a sending address in the 24.64.x.x range could only enter the network via one of the Shaw servers. An attempt to insert the packet elsewhere should result in the sending address not meeting the IP address range for that ISP and being rejected.
If the sending address was from within the ISP's IP address range then if the ISPs then checked the sending address on the packet against a list of registered users and rejected all packets that weren't in the list then the amount of spam would be reduced markedly.
If the sending address matched an address in the list then if the ISP also checked that the session password matched the one on the list for that ISP there would be a further reduction.
As the packets move along the path to the recipient there should be checks that the packet is being delivered by the appropriate upstream ISP, or ISPs, with the correct password otherwise the packet should be rejected and a bounce message sent to the sender.
Does this make sense?
I don't expect that this is how things work as it would require the ISPs to carry out a considerable amount of processing when handling the packets and I doubt that they would want to do that.
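
The source-address check the post describes (accept a source address only on the port it is registered to, and reject the ISP's own range when it arrives from outside), sketched as an added example that is not part of the original post. The /16 is read from the post's "24.64.x.x"; the port names and subscriber assignments are hypothetical.

```python
import ipaddress

# Constructed sample data: the prefix is read from the post's "24.64.x.x";
# port names and subscriber address assignments are hypothetical.
ISP_PREFIX = ipaddress.ip_network("24.64.0.0/16")
SUBSCRIBER_PORTS = {
    "cust-port-1": ipaddress.ip_network("24.64.10.5/32"),
    "cust-port-2": ipaddress.ip_network("24.64.20.0/29"),
}
EXTERNAL_PORTS = {"peer-link-1"}


def check_source(ingress_port, src):
    """Return (accepted, reason) for a packet seen on ingress_port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False, "malformed source address"
    if ingress_port in SUBSCRIBER_PORTS:
        # Per-subscriber check: the source must be registered to this port.
        if addr in SUBSCRIBER_PORTS[ingress_port]:
            return True, "source matches subscriber assignment"
        return False, "source not assigned to this subscriber port"
    if ingress_port in EXTERNAL_PORTS:
        # The ISP's own addresses should never arrive from outside.
        if addr in ISP_PREFIX:
            return False, "own prefix arriving from outside"
        return True, "external source on external port"
    return False, "unknown ingress port"


# Constructed packets: (ingress port, claimed source address).
SAMPLE_PACKETS = [
    ("cust-port-1", "24.64.10.5"),   # registered address on its own port
    ("cust-port-1", "24.64.99.1"),   # in the ISP range, but not this user's
    ("cust-port-2", "203.0.113.7"),  # subscriber claiming a foreign address
    ("peer-link-1", "24.64.10.5"),   # ISP address inserted from elsewhere
    ("peer-link-1", "198.51.100.9"), # ordinary inbound traffic
]


def filter_packets(packets):
    """Return the subset of packets whose source address passes the check."""
    return [(port, src) for port, src in packets if check_source(port, src)[0]]


if __name__ == "__main__":
    for port, src in SAMPLE_PACKETS:
        ok, reason = check_source(port, src)
        print(f"{port:12} {src:15} {'ACCEPT' if ok else 'DROP':6} {reason}")
```

The check only works at the edge where the port-to-address mapping is known; once a spoofed packet has been accepted into the network, a downstream hop sees nothing but the claimed source address.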