[4939] in North American Network Operators' Group
Re: New Denial of Service Attack on Panix
daemon@ATHENA.MIT.EDU (Paul Ferguson)
Wed Oct 2 20:28:40 1996
Date: Wed, 02 Oct 1996 20:20:34 -0400
To: dvv@sprint.net (Dima Volodin)
From: Paul Ferguson <pferguso@cisco.com>
Cc: nanog@merit.edu, iepg@iepg.org
At 05:32 PM 10/2/96 -0400, Dima Volodin wrote:
>
>Anyway, filtering packets with SRC addresses known to generate
>ICMP_UNREACH at the earliest possible stage might be a good idea.
>
Well, this is what we [collectively] have been talking about doing
as a 'best current practice' since the attacks became evident.
Also, see:
[snip]
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
Title : Network Ingress Filtering
Author(s) : P. Ferguson
Filename : draft-ferguson-ingress-filtering-00.txt
Pages : 6
Date : 10/01/1996
Recent occurrences of various Denial of Service attacks which have employed
forged source addresses have proven to be a troublesome issue for Internet
Service Providers and the Internet community overall. This paper discusses
a simple, effective and straightforward method for using ingress traffic
filtering to deny attacks which use "invalid" source addresses; prefixes
which are not being legitimately advertized to the Internet via a
particular service provider gateway.
[snip]
Once the document is revised to an acceptable [rough consensus] draft,
I'd like to see it become published as a BCP.
- paul
