DDOS solution recommendation
m.hallgren at free.fr
Sun Jan 11 15:47:03 UTC 2015
Le 11/01/2015 14:50, Patrick W. Gilmore a écrit :
> I agree with lots said here.
> But I've said for years (despite some people saying I am confused) that BCP38 is the single most important thing we can do to cut DDoS.
> No spoofed source means no amplification. It also stops things like Kaminsky DNS attacks.
> There is no silver bullet. Security is a series of steps ("layers" as one highly respected security professional has in his .sig). But the most important layer, the biggest bang for the buck we can do today, is eliminated spoofed source.
> Push on your providers. Stop paying for transit from networks that do not filter ingress, put it in your RFPs, and reward those who do with contracts. Make it economically advantageous to fix the problem, and people will.
More information about the NANOG