Re: Defeating DoS Attacks Through Accountability

[Ariel Biener <ariel () fireball tau ac il>]

On Thu, 2 Nov 2000, Ryan Tucker wrote:

> > term.With RFC 2827 in hand, use egress filters to make sure that your
> > networks don't permit packets with spoofed source addresses from entering
> > the Internet.If you have customers, as many (most? all?) of us do, use
> > ingress filters to make sure that spoofed packets don't even enter your
> > network.

Oh, Ryan, on this subject specifically, the downstream providers should
not count on the upstream to check if they send spoofed packets to them,
and they should also filter them on egress. If all ISPs took care of this
(and it ain't that hard to configure), this could make life for NSPs alot
easier. We should balance responsibility among clients and providers, and
not just pin it all on the NSPs. The game is cooperation.....

--Ariel

> --
> Ryan Tucker <rtucker () netacc net>               Network Operations Manager
> NetAccess, Inc.                                    Phone: +1 716 419-8200
> 1159 Pittsford-Victor Road, Pittsford NY 14534     http://www.netacc.net/
> "Wouldn't you rather help make history than watch it on TV?" - Jello Biafra

--
Ariel Biener
e-mail: ariel () post tau ac il           Work phone: 03-6406086
fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC