RFC - 2267
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
| Original: | ftp://ftp.isi.edu/in-notes/rfc2267.txt |
|---|---|
| Authors: | P. Ferguson [Cisco Systems, Inc.], D. Senie [BlazeNet, Inc.] |
| Date: | January 1998 |
| Category: | Informational |
| This specification has been !!! obsoleted !!! | |
| Obsoleted by: | |
|---|---|
| RFC-2827 [BCP 38] |
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing (Updated by RFC-3704) |
| Referred by: | 9 RFC |
| Refers to: | 3 RFC |
Status
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1998). All Rights Reserved.
Abstract
Recent occurrences of various Denial of Service (DoS) attacks which have employed forged source addresses have proven to be a troublesome issue for Internet Service Providers and the Internet community overall. This paper discusses a simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point.
-
prepared by Miloslav Nic
- the founder of Zvon.org and Law-Ref.org
- the head of B.Sc. program Informatics and chemistry [in Czech]
- the founder of Lidem.org - Volby 2006 - parliamentary elections in the Czech Republic [in Czech]
- the chief consultant of the publishing house ICT Press
- and Pavel Srb, a student of B.Sc. program Informatics and chemistry