|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Defeating DoS Attacks Through Accountability
On Thu, 2 Nov 2000, Ryan Tucker wrote: > > term.With RFC 2827 in hand, use egress filters to make sure that your > > networks don't permit packets with spoofed source addresses from entering > > the Internet.If you have customers, as many (most? all?) of us do, use > > ingress filters to make sure that spoofed packets don't even enter your > > network. Oh, Ryan, on this subject specifically, the downstream providers should not count on the upstream to check if they send spoofed packets to them, and they should also filter them on egress. If all ISPs took care of this (and it ain't that hard to configure), this could make life for NSPs alot easier. We should balance responsibility among clients and providers, and not just pin it all on the NSPs. The game is cooperation..... --Ariel > > -- > Ryan Tucker <[email protected]> Network Operations Manager > NetAccess, Inc. Phone: +1 716 419-8200 > 1159 Pittsford-Victor Road, Pittsford NY 14534 http://www.netacc.net/ > "Wouldn't you rather help make history than watch it on TV?" - Jello Biafra > > -- Ariel Biener e-mail: [email protected] Work phone: 03-6406086 fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC
|