nanog mailing list archives
Re: WANTED: ISPs with DDoS defense solutions
From: Jack Bates <jbates () brightok net>
Date: Wed, 06 Aug 2003 10:51:23 -0500
Michael.Dillon () radianz com wrote:
If the client is behind a NAT, and the spoofed source address doesn't get through, then that's OK because it means that no application in that same location behind the NAT can use spoofed addresses.
Which is important given the number of NAT setups that only perform NAT for the ranges they deal with and leave everything else alone. NATing all traffic may not be ideal in some cases, but filtering traffic that isn't desired is critical. Establishing an initial connection is, of course, necessary so that the server recognizes what the source address should be.
-Jack
Current thread:
- Re: WANTED: ISPs with DDoS defense solutions Petri Helenius (Jul 31)
- <Possible follow-ups>
- Re: WANTED: ISPs with DDoS defense solutions Michael . Dillon (Aug 01)
- RE: WANTED: ISPs with DDoS defense solutions Tomas Daniska (Aug 01)
- Re: WANTED: ISPs with DDoS defense solutions Christopher L. Morrow (Aug 01)
- Re: WANTED: ISPs with DDoS defense solutions Michael . Dillon (Aug 06)
- Re: WANTED: ISPs with DDoS defense solutions Jack Bates (Aug 06)