Hi, On Thu, Sep 02, 1999 at 10:44:39AM +0100, Leigh Porter wrote:
As a side note, does anybody use anything to prevent address spoofing in their network? That would at prevent a lot of attacks completly and make tracing the rest much easier.
Sure we do. On our ingress interfaces to our customers, we have very strict access lists ("permit ip <customer net> any / deny ip any any log"). On our external interfaces from our upstreams we deny packets with a source address coming from one our network blocks. Interesting enough, we don't observe many attacks - what we do see is LOTS of broken end user configurations (leaking RFC 1918 networks, customers leaking IP addresses from other ISPs, ...). Gert Doering -- NetMaster -- SpaceNet GmbH Mail: netmaster@Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 80807 Muenchen Fax : +49-89-32356-299