North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Is there a line of defense against Distributed Reflective attacks?
- From: Travis Pugh
- Date: Fri Jan 17 00:28:58 2003
According to hc <email@example.com>
> Of course, egress filters don't
> solve the issue. But considering most script kiddies' intelligence
> is limited, it will help at least a bit. :-) The problem with egress
> filtering is that it's mostly applicable at the end tier2+ level,
> the backbones, which means a lot of ISP's who are oblivious on what
> is (or some cases where egress filter breaks their network setup).
On the subject of "help a bit", if service providers were to require,
by default, either an egress filter (correctly configured) on the CPE
router or an ingress filter on their own customer aggregation router
it might do some good ...