[44498] in North American Network Operators' Group
Re: ACLs / Filter Lists - Best Practices
daemon@ATHENA.MIT.EDU (Andreas Plesner Jacobsen)
Fri Nov 30 02:41:48 2001
Date: Fri, 30 Nov 2001 08:41:08 +0100
From: Andreas Plesner Jacobsen <apj@nerd.dk>
To: nanog@merit.edu
Message-ID: <20011130084108.M11031@nerd.dk>
In-Reply-To: <LCEKLACNFGLMOPOGNBNMMEHPCHAA.tim@eng.bellsouth.net>
On Fri, Nov 30, 2001 at 01:39:24AM -0500, Tim Irwin wrote:
>
> - <rant>RFC 1918 filtering is no silver bullet. Yes, it should be done, but
> all a malicious person needs in order to be able to launch an effective DDoS
> attack is to source from unassigned address space or address space that is
> known to be unused.</rant>

And that's why we all need to employ things like CEF reverse path
verification at our customer edge.
--
Andreas Plesner Jacobsen | There's a lot to be said for not saying a lot.
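
An added illustration, not part of the original message: the strict reverse-path check the reply refers to, next to an RFC 1918-only source filter, run over constructed packets. The FIB, interface names and sample addresses are assumptions; 192.0.2.0/24 (a documentation range) stands in for unassigned or unused space.

```python
import ipaddress

# RFC 1918 private ranges: what a static source filter of this kind blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed FIB for a hypothetical edge router: prefix -> next-hop interface.
FIB = {
    ipaddress.ip_network("198.51.100.0/24"): "cust-a",
    ipaddress.ip_network("203.0.113.0/25"): "cust-b",
    ipaddress.ip_network("0.0.0.0/0"): "upstream",
}

def lookup(fib, addr):
    """Longest-prefix match; returns the interface, or None if no route."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in fib if ip in net]
    if not matches:
        return None
    return fib[max(matches, key=lambda net: net.prefixlen)]

def acl_permits(src):
    """RFC 1918 source filter only."""
    ip = ipaddress.ip_address(src)
    return not any(ip in net for net in RFC1918)

def urpf_strict_permits(fib, src, ingress):
    """Strict reverse-path check: the best route back to the source must
    point out of the interface the packet arrived on."""
    return lookup(fib, src) == ingress

def evaluate(fib, packets):
    """Return (src, ingress, acl_verdict, urpf_verdict) for each packet."""
    return [(src, ingress, acl_permits(src), urpf_strict_permits(fib, src, ingress))
            for src, ingress in packets]

# Constructed packets, all arriving on customer A's interface.
PACKETS = [
    ("198.51.100.7", "cust-a"),  # customer's own address
    ("10.1.2.3", "cust-a"),      # RFC 1918 source
    ("192.0.2.55", "cust-a"),    # stands in for unassigned/unused space
    ("203.0.113.9", "cust-a"),   # another customer's address
]

if __name__ == "__main__":
    for src, ingress, acl, urpf in evaluate(FIB, PACKETS):
        print(f"{src:<14} in={ingress:<7} rfc1918-acl={'permit' if acl else 'deny':<6} "
              f"urpf-strict={'permit' if urpf else 'deny'}")
```

Strict mode assumes the return path to the customer uses the same interface the packet arrived on; asymmetrically routed or multihomed attachments need a looser mode or explicit prefix filters.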