[c-nsp] ISP - unwanted traffic
Dobbins, Roland
rdobbins at arbor.net
Fri Jun 4 05:06:42 EDT 2010
On Jun 3, 2010, at 2:16 AM, Roman A. Nozdrin wrote:
> You may use traffic blackholing in case of unused ip addresses with some kind of statefull firewalling(despite scalability contraints) for used ip addresses.
This is a self-DoS, highly *not* recommended. SPs don't wedge stateful firewall DoS chokepoints into the middle of their networks - at least, the ones who wish to retain their customers, heh.
;>
Anti-spoofing at the customer edge is the accepted industry BCP.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken
More information about the cisco-nsp
mailing list