Re: Internet SYN Flooding, spoofing attacks
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Internet SYN Flooding, spoofing attacks
Phil Karn writes:
> By the way, ingress filtering breaks things other than Mobile IP.
> Consider the DirecPC service, which gives you a one-way (forward)
> satellite channel at 400 kb/s. Your return link is via local dialup
> service provider. If the local ISP (or its upstream provider) does
> source filtering, you can't send your perfectly legitimate packets
> into the network over that ISP without tunneling them all through
> DirecPC's own network connection, which may be on the other side of
> the continent.
Filtering does not break my users' DirecPC.
It also does not break their VPN.
It does keep a lot of martian packets off my network, and in several
instances it has blocked spoofed-source-IP DoS attempts by my users.
--
Dick St.Peters, stpeters at NetHeaven.com
Gatekeeper, NetHeaven, Saratoga Springs, NY
Saratoga/Albany/Amsterdam/BoltonLanding/Cobleskill/Greenwich/
GlensFalls/LakePlacid/NorthCreek/Plattsburgh/...
Oldest Internet service based in the Adirondack-Albany region
Note Well: Messages sent to this mailing list are the opinions
of the senders and do not imply endorsement by the IETF.
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
