[54795] in North American Network Operators' Group
Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (Travis Pugh)
Fri Jan 17 00:27:41 2003
From: "Travis Pugh" <tdp@discombobulated.net>
To: <nanog@merit.edu>
Date: Fri, 17 Jan 2003 00:22:44 -0500
Errors-To: owner-nanog-outgoing@merit.edu
According to hc <haesu@towardex.com>
> Of course, egress filters don't
> solve the issue. But considering most script kiddies' intelligence
level
> is limited, it will help at least a bit. :-) The problem with egress
> filtering is that it's mostly applicable at the end tier2+ level,
not at
> the backbones, which means a lot of ISP's who are oblivious on what
it
> is (or some cases where egress filter breaks their network setup).
On the subject of "help a bit", if service providers were to require,
by default, either an egress filter (correctly configured) on the CPE
router or an ingress filter on their own customer aggregation router
it might do some good ...
Cheers.
-travis
>
> -hc
>
