Is there a line of defense against Distributed Reflective attacks?

• Previous message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Next message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

According to hc <haesu at towardex.com>


> Of course, egress filters don't
> solve the issue. But considering most script kiddies' intelligence
level
> is limited, it will help at least a bit. :-) The problem with egress
> filtering is that it's mostly applicable at the end tier2+ level,
not at
> the backbones, which means a lot of ISP's who are oblivious on what
it
> is (or some cases where egress filter breaks their network setup).

On the subject of "help a bit", if service providers were to require,
by default, either an egress filter (correctly configured) on the CPE
router or an ingress filter on their own customer aggregation router
it might do some good ...

Cheers.

-travis

>
> -hc
>

• Previous message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Next message (by thread): Is there a line of defense against Distributed Reflective attacks?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]