nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Defeating DoS Attacks Through Accountability

From: Ryan Tucker <rtucker () netacc net>
Date: Thu, 02 Nov 2000 22:14:15 -0500


On Thu, 2 Nov 2000 19:44:06 -0500 (EST), "Mark Mentovai" <mark-list () mentovai com> wrote:

The very first step, if you haven't done so already, is to push your own
organization to implement ingress and egress filtering.  This is NANOG, and
there are enough clueful NANOs reading with the resources needed to
accomplish this on a number of small- and medium-sized networks in the short
term.  With RFC 2827 in hand, use egress filters to make sure that your
networks don't permit packets with spoofed source addresses from entering
the Internet.  If you have customers, as many (most? all?) of us do, use
ingress filters to make sure that spoofed packets don't even enter your
network.


I'm fairly sure our network is all set, but does anyone have a good test
procedure to make sure?  I think it would be really beneficial to have a
utility/procedure that can, in fairly short order, test one's
configurations to make sure that everything is OK.  -rt

-- 
Ryan Tucker <rtucker () netacc net>                 Network Operations Manager
NetAccess, Inc.                                      Phone: +1 716 419-8200
1159 Pittsford-Victor Road, Pittsford NY 14534       http://www.netacc.net/
"Wouldn't you rather help make history than watch it on TV?" - Jello Biafra
Previous By Date Next
Previous By Thread Next

Current thread: