DDOS solution recommendation

• Previous message (by thread): DDOS solution recommendation
• Next message (by thread): DDOS solution recommendation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Le 11/01/2015 14:50, Patrick W. Gilmore a écrit :
> I agree with lots said here.
>
> But I've said for years (despite some people saying I am confused) that BCP38 is the single most important thing we can do to cut DDoS.
>
> No spoofed source means no amplification. It also stops things like Kaminsky DNS attacks.
>
> There is no silver bullet. Security is a series of steps ("layers" as one highly respected security professional has in his .sig). But the most important layer, the biggest bang for the buck we can do today, is eliminated spoofed source.
>
> Push on your providers. Stop paying for transit from networks that do not filter ingress, put it in your RFPs, and reward those who do with contracts. Make it economically advantageous to fix the problem, and people will.

+1
mh
>

• Previous message (by thread): DDOS solution recommendation
• Next message (by thread): DDOS solution recommendation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]