[54789] in North American Network Operators' Group
Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (hc)
Fri Jan 17 00:06:24 2003
Date: Fri, 17 Jan 2003 00:03:56 -0500
From: hc <haesu@towardex.com>
To: Brad Laue <brad@brad-x.com>
Cc: "Christopher L. Morrow" <chris@UU.NET>, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
>
>
>>
>
> Good point.
>
> I suppose another basic but effective method of prevention would be
> egress filtering. An increasing minority of network providers are
> instituting it, but it doesn't seem like it will be a widespread thing
> in the near-term.
>
Yes, but egress filtering is only effective by far. Anyone can forge the
source to an IP address that belongs to one of the /16's a provider
advertises.
It will help of course, but really not The solution... Or is there one?
-hc
