filter
Click on the red underlined text to get to the source
...
While the filtering method discussed in this document does
absolutely nothing to protect against flooding attacks ...
... this nature using forged source addresses that do not conform to
ingress filtering rules. All providers of Internet connectivity are
urged to implement filtering ...
... ingress filtering rules. All providers of Internet connectivity are
urged to implement filtering described in this document to prohibit
attackers from using forged source addresses ...
... downstream networks, strict traffic filtering should be used to
prohibit traffic which claims to have originated from outside of
...
...
An additional benefit of implementing this type of filtering is that
it enables the originator to be easily traced to it's true source,
since the attacker ...
... administrator of a system under attack may be inclined to
filter all traffic coming from the apparent attack source. Adding
...
... traffic coming from the apparent attack source. Adding
such a filter would then result in a denial of service to
legitimate, non-hostile end-systems. In this case, the administrator ...
... attacks with very high connection attempt rates. This is a welcome
and necessary part of the solution to the problem. Ingress filtering
will take time to be implemented pervasively and be fully effective,
but the extensions to the operating systems ...
... Implementation of automatic filtering on remote access servers.
In most cases, a user dialing into an access server is an
individual user on a single PC ...
...
Filtering of this nature has the potential to break some types of
"special" services. It is in the best interest of the ISP ...
... 6], is specifically affected by ingress
traffic filtering. As specified, traffic to the mobile node is
...
... source
addresses that do not match with the network where the station is
attached. To accommodate Ingress Filtering and other concerns, the
Mobile IP Working Group ...
...
As mentioned previously, while ingress traffic filtering drastically
reduces the success of source address spoofing ...
... Network service providers and
administrators have already begun implementing this type of filtering
on periphery routers, and it is recommended that all service
providers ...
... service providers can categorically demonstrate that their network
already has ingress filtering in place on customer links.
...
...
Corporate network administrators should implement filtering to ensure
their corporate networks are not the source of such problems. Indeed,
...
... their corporate networks are not the source of such problems. Indeed,
filtering could be used within an organization to ensure users do not
cause problems by improperly attaching systems to the wrong networks.
...
... whole; as more Internet Providers and corporate network
administrators implement ingress filtering, the opportunity for an
attacker to use forged source addresses ...