Is there a line of defense against Distributed Reflective attacks?

hc haesu at towardex.com
Fri Jan 17 05:03:56 UTC 2003


>
>
>>
>
> Good point.
>
> I suppose another basic but effective method of prevention would be 
> egress filtering. An increasing minority of network providers are 
> instituting it, but it doesn't seem like it will be a widespread thing 
> in the near-term.
>

Yes, but egress filtering is only effective by far. Anyone can forge the 
source to an IP address that belongs to one of the /16's a provider 
advertises.

It will help of course, but really not The solution... Or is there one?

-hc




More information about the NANOG mailing list