North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: smurf, the MCI-developed tracing tools (was Re: Bogus announcement)
At 12:05 PM 12/28/97 -0600, Karl Denninger wrote: > >You don't want to filter ICMPs. What you want to filter is ANYTHING which >came from an invalid source address *at your entrance* from your customer >connections. > This is documented in: Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing; draft-ferguson-ingress-filtering-03.txt At the moment, we're trying to get this evntually published as an Informational RFC. More information can be found at: ftp://ftp.cert.org/pub/cert_advisories/CA-97.28.Teardrop_Land - paul
|