Firewall Wizards mailing list archives

Re: DDOS Countermeasures RFC


From: Ryan Russell <ryan () securityfocus com>
Date: Mon, 29 Jan 2001 18:19:11 -0700 (MST)

On Mon, 29 Jan 2001, Marcus J. Ranum wrote:

We're doomed, aren't we?

mjr.


No, not really.  There are technical countermeasures to solve the
problem.  People just won't implement them until they have to.  To take a
page from your book... legislate that it's illegal to allow spoofed
packets off your net if you're an ISP, school, etc., and that it's illegal to
peer with other ISPs who don't follow the same guidelines (keeps those
countries in line that won't comply with US laws.  The nerve.)  Make the
punishments really harsh, like any network admin who doesn't comply gets
his/her house seized.

Or, perhaps just get Cisco to add an interface statement "leaf-subnet"
that is on by default, which prevents spoofing into that interface.

                                                Ryan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

