Why are all providers of Internet connectivity urged to implement the filtering described in RFC 2827?
A.
To prohibit attackers from using source addresses that reside within a range of legitimately advertised prefixes.
B.
To prohibit attackers from using forged source addresses that do not reside within a range of legitimately advertised prefixes.
C.
To filter Java applications that come from a source that is not trusted.
D.
To stop internal users from reaching web sites that violate the established security policy.
Explanation:
RFC 2827 filtering-You can also prevent users of a network from spoofing other networks (and be a good Internet citizen at the same time) by preventing any outbound traffic on your network that does not have a source address in your organization’s own IP range. Your Internet service provider (ISP) can also implement this type of filtering, which is collectively referred to as RFC 2827 filtering. This filtering denies any traffic that does not have the source address that was expected on a particular interface. For example, if an ISP is providing a connection to the IP address 15.1.1.0/24, the ISP could filter traffic so that only traffic sourced from address 15.1.1.0/24 can enter the ISP router from that interface.
Reference: SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks Page 66