Re: Continuous medium traffic fake Syn packets
From: Seth Arnold (sarnold@wirex.com)Date: 10/13/02
- Previous message: Philipp Schulte: "Re: Continuous medium traffic fake Syn packets"
- In reply to: Philipp Schulte: "Re: Continuous medium traffic fake Syn packets"
- Next in thread: Philipp Schulte: "Re: Continuous medium traffic fake Syn packets"
- Reply: Philipp Schulte: "Re: Continuous medium traffic fake Syn packets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 13 Oct 2002 00:22:51 -0700 From: Seth Arnold <sarnold@wirex.com> To: focus-linux@securityfocus.com
On Fri, Oct 11, 2002 at 12:12:51PM +0200, Philipp Schulte wrote:
> The only way this problem could be really solved is when all ISPs
> start to use ingress-filtering (RFC2267) so no packets with faked
> IP-addresses would leave their network in the first place.
ObPedant: ingress filtering is filtering _incoming_ traffic. Filtering
outgoing traffic is egress filtering. And I would be pleased if more
providers put the effort into filtering their networks' outgoing traffic
to ensure the source host IPs are valid.
-- "A mouse can be just as dangerous as a bullet or a bomb." -- US Representative Lamar Smith (R-Texas)
- application/pgp-signature attachment: stored
- Previous message: Philipp Schulte: "Re: Continuous medium traffic fake Syn packets"
- In reply to: Philipp Schulte: "Re: Continuous medium traffic fake Syn packets"
- Next in thread: Philipp Schulte: "Re: Continuous medium traffic fake Syn packets"
- Reply: Philipp Schulte: "Re: Continuous medium traffic fake Syn packets"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
