WANTED: ISPs with DDoS defense solutions

Jack Bates jbates at brightok.net
Wed Aug 6 15:51:23 UTC 2003


Michael.Dillon at radianz.com wrote:
> 
> If the client is behind a NAT, and the spoofed source address doesn't get 
> through, then that's OK because it means that no application in that same 
> location behind the NAT can use spoofed addresses.
> 

Which is important given the number of NAT setups that only perform NAT 
for the ranges they deal with and leave everything else alone. NATing 
all traffic may not be ideal in some cases, but filtering traffic that 
isn't desired is critical. Establishing an initial connection is, of 
course, necessary so that the server recognizes what the source address 
should be.


-Jack




More information about the NANOG mailing list