North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Fwd: Protocol Action: Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing to BCP
- From: Paul Ferguson
- Date: Tue Feb 15 11:59:23 2000
>Cc: RFC Editor <firstname.lastname@example.org>
>Cc: Internet Architecture Board <email@example.com>
>From: The IESG <firstname.lastname@example.org>
>Subject: Protocol Action: Network Ingress Filtering: Defeating Denial
> of Service Attacks which employ IP Source Address Spoofing to BCP
>Date: Tue, 15 Feb 2000 09:23:37 -0500
>The IESG has approved 'Network Ingress Filtering: Defeating Denial of
>Service Attacks which employ IP Source Address Spoofing' <rfc2267> as a
>Best Current Practice.
>The IESG Contact Persons are Randy Bush and Bert Wijnen.
> This document describes recommended router configurations to reduce
> likelihood of attacks over the network. It describes how an ISP customer
> aggregation router should be configured to prevent a customer from sending
> packets with source addresses from space other than their own.
>Working Group Summary
> This is not the product of a working group, but has been used in practice,
> has passed general IETF last call twice, and is generally considered to be
> good practice.
> This was reviewed for the IESG by Randy Bush.