RFC - 2827
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
| Original: | ftp://ftp.isi.edu/in-notes/rfc2827.txt |
|---|---|
| Authors: | P. Ferguson [Cisco Systems, Inc.], D. Senie [Amaranth Networks Inc.] |
| Date: | May 2000 |
| Category: | Best Current Practice [ BCP-38 ] |
| Obsoletes: | |
|---|---|
| RFC-2267 | Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing (Obsoleted by RFC-2827) |
| Updated by: | |
|---|---|
| RFC-3704 [BCP 84] |
Ingress Filtering for Multihomed Networks |
| Referred by: | 26 RFC |
| Refers to: | 4 RFC |
Status
This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
Recent occurrences of various Denial of Service (DoS) attacks which have employed forged source addresses have proven to be a troublesome issue for Internet Service Providers and the Internet community overall. This paper discusses a simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point.
-
prepared by Miloslav Nic
- the founder of Zvon.org and Law-Ref.org
- the head of B.Sc. program Informatics and chemistry [in Czech]
- the founder of Lidem.org - Volby 2006 - parliamentary elections in the Czech Republic [in Czech]
- the chief consultant of the publishing house ICT Press
- and Pavel Srb, a student of B.Sc. program Informatics and chemistry