Re: FW: Re: Is there a line of defense against Distributed Reflective attacks?

About Merit

Services

Network

Resources & Support

Network Research

News

Events

Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Re: FW: Re: Is there a line of defense against Distributed Reflective attacks?

From: John Kristoff
Date: Sun Jan 19 08:38:13 2003

On Sat, Jan 18, 2003 at 10:45:11PM -0600, Chris Adams wrote:
> How is this different than "ip verify unicast reverse-path" (modulo CEF
> problems and bugs, which of course NEVER happen :-) )?

It would be useful for all sorts of things besides verifying a source
address.  So in addition to complicated configurations such as multi-
homing/paths that you mention, it could also be useful for standard
filters on protocols, ports, logging and so on.

John

References:
- FW: Re: Is there a line of defense against Distributed Reflective attacks? Stewart, William C (Bill), RTLSL
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Daniel Senie
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? John Kristoff
- Re: FW: Re: Is there a line of defense against Distributed Reflective attacks? Chris Adams

Prev by Date: Re: NYT on Thing.net (fwd)
Next by Date: Re: FW: Re: Is there a line of defense against Distributed Reflectiveattacks?
Date Index
Thread Index
Author Index
Historical