[27392] in North American Network Operators' Group
Fwd: Protocol Action: Network Ingress Filtering: Defeating
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Tue Feb 15 11:55:50 2000
Message-Id: <4.2.2.20000215102825.00a54730@lint.cisco.com>
Date: Tue, 15 Feb 2000 10:28:41 -0500
To: nanog@merit.edu
From: Paul Ferguson <ferguson@cisco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Errors-To: owner-nanog-outgoing@merit.edu
FYI,
- paul
>To: IETF-Announce:;
>Cc: RFC Editor <rfc-editor@isi.edu>
>Cc: Internet Architecture Board <iab@isi.edu>
>From: The IESG <iesg-secretary@ietf.org>
>Subject: Protocol Action: Network Ingress Filtering: Defeating Denial
> of Service Attacks which employ IP Source Address Spoofing to BCP
>Date: Tue, 15 Feb 2000 09:23:37 -0500
>Sender: scoya@cnri.reston.va.us
>
>
>
>The IESG has approved 'Network Ingress Filtering: Defeating Denial of
>Service Attacks which employ IP Source Address Spoofing' <rfc2267> as a
>Best Current Practice.
>
>The IESG Contact Persons are Randy Bush and Bert Wijnen.
>
>
>Technical Summary
>
> This document describes recommended router configurations to reduce
> likelihood of attacks over the network. It describes how an ISP customer
> aggregation router should be configured to prevent a customer from sending
> packets with source addresses from space other than their own.
>
>Working Group Summary
>
> This is not the product of a working group, but has been used in practice,
> has passed general IETF last call twice, and is generally considered to be
> good practice.
>
>Protocol Quality
>
> This was reviewed for the IESG by Randy Bush.
>
