stpetersNETHEAVEN.COM

• Next message: Matthew Harmon: "The Million Dollar Solution"
• Previous message: Andrew Sherrod: "Brooktrout fax boards"
• In reply to: Matthew King: "Re: Networking theories"
• Next in thread: Matthew King: "Re: Networking theories"
• Reply: Dick St.Peters: "Egress checking (was Re: Networking theories)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ISPs *should* be doing egress checking. We've been doing it for more
than 4 years. We not only block foreign-source packets, we log every
one blocked and track down the perpetrators.

(The overwhelming majority of such packets are from leaking VPNs.
Most "perpetrators" are just victims of lousy software, but we've
uncovered a few not-so-benign cases.)

--
Dick St.Peters, stpetersNetHeaven.com
Matthew King writes:
> Not many ISP or providers actually do that kind of egress checking.. I do
> not know of many here in Oz that do.
>
> Cya
> Matthew
>
>  -----Original Message-----
> From: 	Bluefish [mailto:11aGMX.NET]
> Sent:	Saturday, 6 May 2000 10:07 AM
> To:	VULN-DEVSECURITYFOCUS.COM
> Subject:	Re: Networking theories
>
> > victim.org(spoofed) ---> ICMP(source-quench) --->
> > router.victim.org
>
> Actually, there was a email from... cert (I think) ... intended for larger
> companies and ISPs with guidelines for combating DDoS. Among those
> guidelines there was recommendations of checking source IP. So it's a
> known problem which responsible ISPs will stop (but probably most doesn't)
>
> ..:::::::::::::::::::::::::::::::::::::::::::::::::..
>      http://www.11a.nu || http://bluefish.11a.nu
>     eleventh alliance development & security team

• Next message: Matthew Harmon: "The Million Dollar Solution"
• Previous message: Andrew Sherrod: "Brooktrout fax boards"
• In reply to: Matthew King: "Re: Networking theories"
• Next in thread: Matthew King: "Re: Networking theories"
• Reply: Dick St.Peters: "Egress checking (was Re: Networking theories)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]