[32008] in North American Network Operators' Group
Re: Defeating DoS Attacks Through Accountability
daemon@ATHENA.MIT.EDU (Ariel Biener)
Thu Nov 2 22:34:57 2000
Date: Fri, 3 Nov 2000 05:27:30 +0200 (IST)
From: Ariel Biener <ariel@fireball.tau.ac.il>
To: Ryan Tucker <rtucker@netacc.net>
Cc: Mark Mentovai <mark-list@mentovai.com>, nanog@merit.edu
In-Reply-To: <3A022D87DC.07B9RTUCKER@mail.netacc.net>
Message-ID: <Pine.LNX.4.21_heb2.09.0011030525200.26611-100000@fireball.tau.ac.il>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 2 Nov 2000, Ryan Tucker wrote:
> > term.With RFC 2827 in hand, use egress filters to make sure that your
> > networks don't permit packets with spoofed source addresses from entering
> > the Internet.If you have customers, as many (most? all?) of us do, use
> > ingress filters to make sure that spoofed packets don't even enter your
> > network.
Oh, Ryan, on this subject specifically, the downstream providers should
not count on the upstream to check if they send spoofed packets to them,
and they should also filter them on egress. If all ISPs took care of this
(and it ain't that hard to configure), this could make life for NSPs alot
easier. We should balance responsibility among clients and providers, and
not just pin it all on the NSPs. The game is cooperation.....
--Ariel
>
> --
> Ryan Tucker <rtucker@netacc.net> Network Operations Manager
> NetAccess, Inc. Phone: +1 716 419-8200
> 1159 Pittsford-Victor Road, Pittsford NY 14534 http://www.netacc.net/
> "Wouldn't you rather help make history than watch it on TV?" - Jello Biafra
>
>
--
Ariel Biener
e-mail: ariel@post.tau.ac.il Work phone: 03-6406086
fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC
