North American Network Operators Group


RE: Real-Time Mitigation of Denial of Service Attacks Now Available With AT&T

  • From: Pekka Savola
  • Date: Thu Jun 03 02:57:10 2004

On Wed, 2 Jun 2004, Michel Py wrote:
> > Jon R. Kibler wrote:
> > IMHO, there is absolutely no excuse for not doing ingress and
> > egress filtering. In fact, if you are an ISP, I would argue
> > that you are negligent in your fiduciary responsibilities to
> > your customers and shareholders if you are not filtering
> > source IP addresses.
> 
> Hey, I'm all for it. Where's the money and the staff?

set routing-options forwarding-table unicast-reverse-path feasible-paths
set interfaces yy-x/x/x unit 0 family inet rpf-check

What else do you need?

Or did you buy crap that doesn't support (good) uRPF, or even doesn't
support (line-rate) filtering?  Change the vendors and filter at your
core connecting those crappy boxes then.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
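
Added example, not part of the original message: a simplified Python model of the source-address check that the two configuration lines above enable, comparing strict uRPF against active paths only with the feasible-paths variant. The routing table, interface names and addresses are constructed, and the model is an assumption-level sketch, not any vendor's implementation.

```python
import ipaddress

# Constructed RIB: prefix -> list of (interface, is_active) routes.
# Documentation prefixes; the first customer is multihomed, with the best
# path to its prefix on ge-0/0/1 and a known backup path on ge-0/0/2.
RIB = {
    "192.0.2.0/24": [("ge-0/0/1", True), ("ge-0/0/2", False)],
    "198.51.100.0/24": [("ge-0/0/3", True)],
}

def rpf_interfaces(src, feasible):
    """Interfaces on which a packet from src passes the RPF check.

    Longest-prefix match on the source address, then the interfaces of
    the active route only (feasible=False) or of every known route for
    that prefix (feasible=True).
    """
    addr = ipaddress.ip_address(src)
    matches = [ipaddress.ip_network(p) for p in RIB
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return set()  # no route back to the source: nothing passes
    best = max(matches, key=lambda n: n.prefixlen)
    return {ifc for ifc, active in RIB[str(best)] if active or feasible}

def rpf_check(src, in_iface, feasible=True):
    """True if the packet would be forwarded, False if dropped."""
    return in_iface in rpf_interfaces(src, feasible)

if __name__ == "__main__":
    packets = [  # constructed (source address, arriving interface) pairs
        ("192.0.2.10", "ge-0/0/1"),    # arrives on the best path
        ("192.0.2.10", "ge-0/0/2"),    # legitimate, arrives on backup link
        ("198.51.100.7", "ge-0/0/1"),  # spoofed: source is behind ge-0/0/3
        ("203.0.113.5", "ge-0/0/1"),   # no route to the source at all
    ]
    for src, ifc in packets:
        active = "pass" if rpf_check(src, ifc, False) else "drop"
        feas = "pass" if rpf_check(src, ifc, True) else "drop"
        print(f"{src:>14} on {ifc}: active-paths={active} "
              f"feasible-paths={feas}")
```

The second packet is the case that matters for multihomed customers: checking against active paths alone drops legitimate traffic arriving over the backup link, while the feasible-paths check accepts it and still drops both spoofed sources.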