Re: DDoS attack.

[Patrick Oonk <patrick () pine nl>]

On Sun, Jan 27, 2002 at 11:53:45PM -0500, Stanislav N. Vardomskiy wrote:
> On Sun, 27 Jan 2002, Bugtraq Mailing Lists wrote:
>
> > you should start implementing ingress filtering on your routers
> > so that this spoofed attack will not happen again by your end users.
 
<snip>

> As you should be a good internet denisen and not spew crap onto the
> backbone that might cause problems, you probably should filter egress as
> well.   Simplest egress filter would be:

<snip>
 
> P.S. This is not meant to be a replacement for someone with Cisco skill -
> there are many clued in people out there that are jobless at the moment,
> and last time I tried to write a comprehensive instructions for Cisco
> security for our IX, I got in no-nonsense way informed that I really
> should not take the bread and butter from the CCIEs, least I want my
> employer to be packeted/nullrouted off the face of the internet.

There's an even more comprehensive story about egress filtering
at http://www.incidents.org/protect/egress.php and at the Cisco
site: http://www.cisco.com/warp/public/707/newsflash.html

-- 
 patrick oonk - pine internet - patrick () pine nl - www.pine.nl/~patrick
 T:+31-70-3111010 - F:+31-70-3111011 - Read news at http://security.nl 
 PGPID 155C3934  fp DD29 1787 8F49 51B8 4FDF  2F64 A65C 42AE 155C 3934  
 Excuse of the day: We're on Token Ring, and it looks like the
 token got loose.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com