Re: WANTED: ISPs with DDoS defense solutions

North American Network Operators Group

Re: WANTED: ISPs with DDoS defense solutions

From: Jack Bates
Date: Wed Aug 06 11:53:45 2003

[email protected] wrote:

If the client is behind a NAT, and the spoofed source address doesn't get through, then that's OK because it means that no application in that same location behind the NAT can use spoofed addresses.

Which is important given the number of NAT setups that only perform NAT for the ranges they deal with and leave everything else alone. NATing all traffic may not be ideal in some cases, but filtering traffic that isn't desired is critical. Establishing an initial connection is, of course, necessary so that the server recognizes what the source address should be.

-Jack

References:
- Re: WANTED: ISPs with DDoS defense solutions Michael.Dillon

Prev by Date: Re: a list of hosts in a RPC BOTNET, mostly 209.x.x.x,
Next by Date: Re: a list of hosts in a RPC BOTNET, mostly 209.x.x.x,
Date Index
Thread Index
Author Index
Historical