Re: [apnic-talk] NICs and Egress filtering?
On Mon, Jan 08, 2001 at 11:06:08AM +1030, Phil Crooker wrote:
> Hi,
>
> I look after Internet security for our company and have often wondered
> ....
>
> Considering how important egress filtering of spoofed IP addresses in
> preventing Distributed Denial Of Service attacks, I was wondering
> whether APNIC and the other NICs have considered requiring IP address
> holders to apply egress filters on their boundary routers?
I think the more usual place to apply filters to catch spoofing is
on the ingress to your network, on the customer-facing circuit.
Packet filtering is frequently expensive, which is a good reason
to push it out to the edge.
> It seems to me the major NICs are about the only body that have the
> where-with-all to enforce these filters.
How would they enforce them?
Joe
* APNIC-TALK: General APNIC Discussion List *
* To unsubscribe: send "unsubscribe" to apnic-talk-request at apnic dot net *