North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Defeating DoS Attacks Through Accountability

  • From: Ariel Biener
  • Date: Thu Nov 02 22:36:23 2000

On Thu, 2 Nov 2000, Ryan Tucker wrote:

> > term.With RFC 2827 in hand, use egress filters to make sure that your
> > networks don't permit packets with spoofed source addresses from entering
> > the Internet.If you have customers, as many (most? all?) of us do, use
> > ingress filters to make sure that spoofed packets don't even enter your
> > network.

Oh, Ryan, on this subject specifically, the downstream providers should
not count on the upstream to check if they send spoofed packets to them,
and they should also filter them on egress. If all ISPs took care of this
(and it ain't that hard to configure), this could make life for NSPs alot
easier. We should balance responsibility among clients and providers, and
not just pin it all on the NSPs. The game is cooperation.....


> --
> Ryan Tucker <[email protected]>               Network Operations Manager
> NetAccess, Inc.                                    Phone: +1 716 419-8200
> 1159 Pittsford-Victor Road, Pittsford NY 14534
> "Wouldn't you rather help make history than watch it on TV?" - Jello Biafra

Ariel Biener
e-mail: [email protected]           Work phone: 03-6406086
fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC