[70946] in North American Network Operators' Group
Re: Real-Time Mitigation of Denial of Service Attacks Now Available
daemon@ATHENA.MIT.EDU (Andrew - Supernews)
Wed Jun 2 11:54:45 2004
To: nanog@merit.edu
In-Reply-To: <40BDF164.EBC2EC65@aset.com> (Jon R. Kibler's message of "Wed,
02 Jun 2004 11:25:24 -0400")
Date: Wed, 02 Jun 2004 16:53:56 +0100
From: "Andrew - Supernews" <andrew@supernews.net>
Errors-To: owner-nanog-outgoing@merit.edu
>>>>> "Jon" == Jon R Kibler <Jon.Kibler@aset.com> writes:
Jon> The sad fact is that simple ingress and egress filtering would
Jon> eliminate the majority of bogus traffic on the Internet --
Jon> including (D)DoS attacks. If all ISPs would simply drop all
Jon> outbound packets whose source address is not a valid IP for the
Jon> subnet of origin, and all inbound packets that do not have valid
Jon> source IP addresses, the DDoS problem would be (for all intents
Jon> and purposes) fixed.
The majority of the DDoS traffic that's been received here over the
past year has had 100% valid and accurate source IP addresses.
--
Andrew, Supernews
http://www.supernews.com
