nanog mailing list archives
Re: WANTED: ISPs with DDoS defense solutions
From: Jared Mauch <jared () puck Nether net>
Date: Mon, 4 Aug 2003 19:04:14 -0400
On Mon, Aug 04, 2003 at 04:59:53PM -0500, Jack Bates wrote:
on has to contact each IP owner and find out if spoof protection is enabled.
it's worse than that. If they have it enabled (eg: 10.0.0.0/24 has it enabled), but nobody else does, it allows everyone else to spoof from the 10/24 prefix causing large sets of complaints to filter into their mailbox. If we're able to authenticate the sources, then we can presume abuse reports are authentic. (aside from address space hijacking issues). it all comes down to filtering, filtering, filtering. announcement filtering, anti-spoof filtering, peer filtering. If you're not doing this, you *SHOULD* be. I know it's hard to do these things in the current business environment. Those of you that can, please take the time to do this. It will make the lives of the rest of us much easier when tracing attacks back. For those of you that are doing IPv6 deployments, might I suggest you also take the time to do the same? I know that Cisco has v6 u-rpf support already. - Jared -- Jared Mauch | pgp key available via finger from jared () puck nether net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Current thread:
- Re: WANTED: ISPs with DDoS defense solutions, (continued)
- Re: WANTED: ISPs with DDoS defense solutions Paul Vixie (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Vadim Antonov (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions bdragon (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 05)
- Re: WANTED: ISPs with DDoS defense solutions Randy Bush (Aug 06)
- opsec IETF draft (was Re: WANTED: ISPs with DDoS defense solutions) George Jones (Aug 07)
- Re: WANTED: ISPs with DDoS defense solutions Randy Bush (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Jack Bates (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Jared Mauch (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions bdragon (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Rob Thomas (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Rob Thomas (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Hank Nussbacher (Aug 04)
- Re: WANTED: ISPs with DDoS defense solutions Jared Mauch (Aug 05)