Re: Continuous medium traffic fake Syn packets

From: Seth Arnold (
Date: 10/13/02

Date: Sun, 13 Oct 2002 00:22:51 -0700
From: Seth Arnold <>

On Fri, Oct 11, 2002 at 12:12:51PM +0200, Philipp Schulte wrote:
> The only way this problem could be really solved is when all ISPs
> start to use ingress-filtering (RFC2267) so no packets with faked
> IP-addresses would leave their network in the first place.

ObPedant: ingress filtering is filtering _incoming_ traffic. Filtering
outgoing traffic is egress filtering. And I would be pleased if more
providers put the effort into filtering their networks' outgoing traffic
to ensure the source host IPs are valid.

"A mouse can be just as dangerous as a bullet or a bomb."
-- US Representative Lamar Smith (R-Texas)

Relevant Pages

  • RE: FreeBSD router two DSL connections
    ... >> control how traffic goes OUT of your network. ... > filtering is simply wrong. ... el-cheapo DSL routers that are network address translators, ... 7206 VXR's now, any ISP under 10,000 customers can easily ...
  • Re: using wireless internet without security
    ... I know that using security (password or Mac-address filtering) is often ... Can virus spread across a wireless network between computers which are ... spreading to you from the internet right now. ...
  • Re: IRC-based Olympic Coverage
    ... >>is why nearly every corporate network in existance ... > While ICS has its place, you are too uninformed to realise that other ... Content filtering will be done ... waste money buying a hardware appliance, ...
  • Re: Unknown computer on home network
    ... >> I'm guessing that you are using a wireless network here. ... >> filtering on your router. ... That way only computers that are entered into ... > MAC filtering can be broken in seconds. ...
  • Re: Connection Filtering Allow IPs and Exchange 2003 SP2
    ... >that IMF and connection filtering are different but in the pre-SP2 ... >So we have our internal network in there as well. ...