Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ACLs / Filter Lists - Best Practices

  • From: Andreas Plesner Jacobsen
  • Date: Fri Nov 30 02:43:22 2001

On Fri, Nov 30, 2001 at 01:39:24AM -0500, Tim Irwin wrote:
> 
> - <rant>RFC 1918 filtering is no silver bullet.  Yes, it should be done, but
> all a malicious person needs in order to be able to launch an effective DDoS
> attack is to source from unassigned address space or address space that is
> known to be unused.</rant>

And that's why we all need to employ things like CEF reverse path
verification at our customer edge.

-- 
Andreas Plesner Jacobsen | There's a lot to be said for not saying a lot.




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.