Re: DDOS solution recommendation

[Michael Hallgren <m.hallgren () free fr>]

Le 11/01/2015 14:50, Patrick W. Gilmore a écrit :
> I agree with lots said here.
>
> But I've said for years (despite some people saying I am confused) that BCP38 is the single most important thing we 
> can do to cut DDoS.
>
> No spoofed source means no amplification. It also stops things like Kaminsky DNS attacks.
>
> There is no silver bullet. Security is a series of steps ("layers" as one highly respected security professional has 
> in his .sig). But the most important layer, the biggest bang for the buck we can do today, is eliminated spoofed 
> source.
>
> Push on your providers. Stop paying for transit from networks that do not filter ingress, put it in your RFPs, and 
> reward those who do with contracts. Make it economically advantageous to fix the problem, and people will.

+1
mh
>