[nsp-sec] Info share: REN-ISAC alert DNS Amplification attacks

Smith, Donald Donald.Smith at CenturyLink.com
Thu May 9 15:50:11 EDT 2013


I agree. We do strict mode uRPF for nearly all of our customers. We have also implemented antispoofing for our broadband customers.

What I was saying is that, while I would like the customers to do egress filtering, I can't depend on that; thus we do ingress filtering at our edges.

(coffee != sleep) & (!coffee == sleep)
 Donald.Smith at centurylink.com
________________________________
From: nsp-security [nsp-security-bounces at puck.nether.net] on behalf of SURFcert - Peter [p.g.m.peters at utwente.nl]
Sent: Thursday, May 09, 2013 1:40 PM
To: Smith, Donald
Cc: NSP nsp-security
Subject: Re: [nsp-sec] Info share: REN-ISAC alert DNS Amplification attacks
Donald,
Smith, Donald wrote on 2013-05-09 19:01:
> But since I can't control my customers routers (for the most part) I have to depend on ingress filtering.
With ingress you mean filtering what comes from your customers? Because
that is reasonable to do. You know what IP addresses they have (or
advertise toward you) so you can stop them from spoofing anything else.
--
Peter Peters                     /------\           SURFnet bv
SURFcert                         | SURF |           cert.surfnet.nl
cert at surfnet.nl               \-----\ \-----\    Postbus 19035
PGP Key ID 0x5A52C966                   | CERT |    NL-3501 DA  Utrecht
+31 30 2305 305                         \------/    fax: +31 30 2305 329
----------- nsp-security Confidential --------
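
The strict-mode uRPF check discussed in this thread, as an added example that is not part of the original e-mails: a small Python model of a customer-facing edge that drops any packet whose source address does not route back out the interface it arrived on. The routing table, interface names and packets are constructed for illustration (documentation prefixes only).

```python
import ipaddress

# Constructed routing table (documentation prefixes, hypothetical interface names).
FIB = [
    ("192.0.2.0/24", "cust-a"),
    ("198.51.100.0/24", "cust-b"),
    ("198.51.100.128/25", "cust-a"),   # more-specific announced by customer A
    ("203.0.113.0/24", "peer0"),       # a third party, e.g. the attack victim
]
ROUTES = [(ipaddress.ip_network(p), ifc) for p, ifc in FIB]


def best_route(src):
    """Longest-prefix match for src; returns (network, interface) or None."""
    ip = ipaddress.ip_address(src)
    matches = [(net, ifc) for net, ifc in ROUTES if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


def urpf_strict(src, in_ifc):
    """Accept only if the best route back to src leaves via the arrival interface."""
    route = best_route(src)
    return route is not None and route[1] == in_ifc


def filter_ingress(packets):
    """Return (in_ifc, src, verdict) for each (in_ifc, src) packet."""
    return [(ifc, src, "pass" if urpf_strict(src, ifc) else "drop")
            for ifc, src in packets]


# Constructed traffic arriving on customer-facing interfaces.
PACKETS = [
    ("cust-a", "192.0.2.10"),       # customer A's own address
    ("cust-a", "203.0.113.53"),     # spoofed victim address (amplification query)
    ("cust-b", "198.51.100.20"),    # customer B's own address
    ("cust-b", "198.51.100.200"),   # inside B's /24, but the /25 routes via A
    ("cust-a", "10.9.9.9"),         # no route at all
]

if __name__ == "__main__":
    for ifc, src, verdict in filter_ingress(PACKETS):
        print(f"{ifc:7} {src:16} {verdict}")
```

The fourth packet shows the usual strict-mode caveat: a source is dropped when the best route to it points at a different interface, which is why multihomed or asymmetrically routed customers tend to be the exceptions to strict mode.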