Re: WANTED: ISPs with DDoS defense solutions

From: Jack Bates (no email)
Date: Wed Aug 06 2003 - 11:51:23 EDT

• Next message: Henry Linneweh: "Re: a list of hosts in a RPC BOTNET, mostly 209.x.x.x,"
• Previous message: Pascal Gloor: "Re: a list of hosts in a RPC BOTNET, mostly 209.x.x.x,"
• Maybe in reply to: Petri Helenius: "Re: WANTED: ISPs with DDoS defense solutions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

 wrote:
>
> If the client is behind a NAT, and the spoofed source address doesn't get
> through, then that's OK because it means that no application in that same
> location behind the NAT can use spoofed addresses.
>

Which is important given the number of NAT setups that only perform NAT
for the ranges they deal with and leave everything else alone. NATing
all traffic may not be ideal in some cases, but filtering traffic that
isn't desired is critical. Establishing an initial connection is, of
course, necessary so that the server recognizes what the source address
should be.

-Jack

• Next message: Henry Linneweh: "Re: a list of hosts in a RPC BOTNET, mostly 209.x.x.x,"
• Previous message: Pascal Gloor: "Re: a list of hosts in a RPC BOTNET, mostly 209.x.x.x,"
• Maybe in reply to: Petri Helenius: "Re: WANTED: ISPs with DDoS defense solutions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]