North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: ACLs / Filter Lists - Best Practices
- From: Andreas Plesner Jacobsen
- Date: Fri Nov 30 02:43:22 2001
On Fri, Nov 30, 2001 at 01:39:24AM -0500, Tim Irwin wrote:
> - <rant>RFC 1918 filtering is no silver bullet. Yes, it should be done, but
> all a malicious person needs in order to be able to launch an effective DDoS
> attack is to source from unassigned address space or address space that is
> known to be unused.</rant>
And that's why we all need to employ things like CEF reverse path
verification at our customer edge.
Andreas Plesner Jacobsen | There's a lot to be said for not saying a lot.