[32006] in North American Network Operators' Group
Re: Defeating DoS Attacks Through Accountability
daemon@ATHENA.MIT.EDU (Ryan Tucker)
Thu Nov 2 22:23:05 2000
Date: Thu, 02 Nov 2000 22:14:15 -0500
From: Ryan Tucker <rtucker@netacc.net>
To: Mark Mentovai <mark-list@mentovai.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.21.0011021941400.1667-100000@pine.ggn.net>
Message-Id: <3A022D87DC.07B9RTUCKER@mail.netacc.net>
On Thu, 2 Nov 2000 19:44:06 -0500 (EST), "Mark Mentovai" <mark-list@mentovai.com> wrote:
> The very first step, if you haven't done so already, is to push your own
> organization to implement ingress and egress filtering. This is NANOG, and
> there are enough clueful NANOs reading with the resources needed to
> accomplish this on a number of small- and medium-sized networks in the short
> term. With RFC 2827 in hand, use egress filters to make sure that your
> networks don't permit packets with spoofed source addresses to enter
> the Internet. If you have customers, as many (most? all?) of us do, use
> ingress filters to make sure that spoofed packets don't even enter your
> network.
I'm fairly sure our network is all set, but does anyone have a good test
procedure to make sure? I think it would be really beneficial to have a
utility/procedure that can, in fairly short order, test one's
configurations to make sure that everything is OK. -rt
--
Ryan Tucker <rtucker@netacc.net> Network Operations Manager
NetAccess, Inc. Phone: +1 716 419-8200
1159 Pittsford-Victor Road, Pittsford NY 14534 http://www.netacc.net/
"Wouldn't you rather help make history than watch it on TV?" - Jello Biafra
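
One way to run the kind of check asked about above without generating any traffic, as an added example that is not part of either poster's message: compare flow records against the prefixes assigned behind each customer-facing interface, so that every record returned is a packet an RFC 2827 ingress filter should have dropped. The interface names, prefixes (documentation ranges) and flow records are constructed, and the records are assumed to be collected after the filter has been applied.

```python
import ipaddress

# Constructed data: prefixes legitimately routed behind each customer-facing
# interface (hypothetical interface names, RFC 5737 documentation ranges).
CUSTOMER_PREFIXES = {
    "cust-a": ["192.0.2.0/25"],
    "cust-b": ["192.0.2.128/25", "198.51.100.0/24"],
}

# Constructed flow records: (ingress interface, source address, destination).
SAMPLE_FLOWS = [
    ("cust-a", "192.0.2.10", "203.0.113.5"),    # inside cust-a's prefix
    ("cust-a", "198.51.100.7", "203.0.113.5"),  # cust-b's space seen on cust-a
    ("cust-b", "198.51.100.7", "203.0.113.5"),  # inside cust-b's prefix
    ("cust-b", "10.1.2.3", "203.0.113.5"),      # private source leaking out
    ("cust-c", "192.0.2.200", "203.0.113.5"),   # interface with no prefix list
]


def build_table(prefixes_by_iface):
    """Parse the per-interface prefix lists into network objects."""
    return {
        iface: [ipaddress.ip_network(p) for p in prefixes]
        for iface, prefixes in prefixes_by_iface.items()
    }


def audit_flows(flows, prefixes_by_iface):
    """Return (iface, src, dst, reason) for each flow a source filter should drop."""
    table = build_table(prefixes_by_iface)
    violations = []
    for iface, src, dst in flows:
        allowed = table.get(iface)
        if allowed is None:
            # An interface with no prefix list cannot be filtered at all.
            violations.append((iface, src, dst, "no prefix list for interface"))
            continue
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in allowed):
            violations.append((iface, src, dst, "source outside assigned prefixes"))
    return violations


if __name__ == "__main__":
    for iface, src, dst, reason in audit_flows(SAMPLE_FLOWS, CUSTOMER_PREFIXES):
        print(f"{iface}: {src} -> {dst}: {reason}")
```

An empty result over a representative collection window is evidence that the filters are in place; it does not cover interfaces that export no flow data.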