Firewall Wizards mailing list archives
Re: DDOS Countermeasures RFC
From: Ryan Russell <ryan () securityfocus com>
Date: Mon, 29 Jan 2001 18:19:11 -0700 (MST)
On Mon, 29 Jan 2001, Marcus J. Ranum wrote:
We're doomed, aren't we? mjr.
No, not really. There are technical countermeasures to solve the problem. People just won't implement them until they have to. To take a page from your book... legislate that it's illegal to allow spoofed packets off your net if you're an ISP, school, etc.. and that's illegal to peer with other ISPs who don't follow the same guidelines (keeps those countries in line that won't comply with US laws. The nerve.) Make the punishments really harsh, like any network admin who doesn't comply gets his/her house seized. Or, perhaps just get Cisco to add an interface statement "leaf-subnet" that is on by default, which prevents spoofing into that interface. Ryan _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- DDOS Countermeasures RFC Karl Wolfgang (Jan 29)
- Re: DDOS Countermeasures RFC Marcus J. Ranum (Jan 29)
- Re: DDOS Countermeasures RFC Ryan Russell (Jan 30)
- Re: DDOS Countermeasures RFC Eric Vyncke (Jan 31)
- Re: DDOS Countermeasures RFC Ryan Russell (Jan 30)
- <Possible follow-ups>
- Re: DDOS Countermeasures RFC kstephe6 (Jan 29)
- RE: DDOS Countermeasures RFC Kalat, Andrew (ISS Atlanta) (Jan 30)
- RE: DDOS Countermeasures RFC Scott Vowels (Jan 31)
- Re: DDOS Countermeasures RFC jan (Jan 31)
- Re: DDOS Countermeasures RFC Marcus J. Ranum (Jan 29)