nanog mailing list archives
Re: ISP port blocking practice
From: William Herrin <bill () herrin us>
Date: Fri, 3 Sep 2010 11:23:00 -0400
On Thu, Sep 2, 2010 at 11:04 PM, Daniel Senie <dts () senie com> wrote:
Ingress filtering is the correct tool for the job.
Not really. Ingress filtering only ever protected you from being the source of spooding attacks, not the destination. The point of Zhiyun's results is that it doesn't fully protect you from being the source either. Frankly, Zhiyun offers the first truly rational case I've personally seen for packet filtering based on the TCP source port. You should give his work more careful scrutiny. Regards, Bill Herrin -- William D. Herrin ................ herrin () dirtside comĀ bill () herrin us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
Current thread:
- Re: ISP port blocking practice Zhiyun Qian (Sep 02)
- Re: ISP port blocking practice William Herrin (Sep 02)
- Re: ISP port blocking practice Zhiyun Qian (Sep 02)
- Re: ISP port blocking practice Suresh Ramasubramanian (Sep 02)
- Re: ISP port blocking practice Zhiyun Qian (Sep 02)
- Re: ISP port blocking practice Suresh Ramasubramanian (Sep 02)
- Re: ISP port blocking practice Zhiyun Qian (Sep 02)
- Re: ISP port blocking practice Zhiyun Qian (Sep 02)
- Re: ISP port blocking practice Daniel Senie (Sep 02)
- Re: ISP port blocking practice William Herrin (Sep 03)
- Re: ISP port blocking practice Dobbins, Roland (Sep 03)
- Re: ISP port blocking practice Dobbins, Roland (Sep 03)
- Re: ISP port blocking practice Zhiyun Qian (Sep 02)
- Re: ISP port blocking practice William Herrin (Sep 02)
- Re: ISP port blocking practice Owen DeLong (Sep 02)
- Re: ISP port blocking practice Patrick W. Gilmore (Sep 02)
- Re: ISP port blocking practice Jack Bates (Sep 02)
- Re: ISP port blocking practice Franck Martin (Sep 02)
- Re: ISP port blocking practice Owen DeLong (Sep 03)
- Re: ISP port blocking practice Patrick W. Gilmore (Sep 03)
- Re: ISP port blocking practice Jack Bates (Sep 03)
- Re: ISP port blocking practice JC Dill (Sep 03)