Stephane Bortzmeyer <[email protected]> wrote: > Tony Finch <[email protected]> wrote: > > > > ACLs in the server are not enough, you also need ingress filtering > > > on the borders of your network, to prevent packets claiming to be > > > from your network to get inside. > > > > That kind of ingress filtering protects you against DDoSing > > yourself, which maybe the rest of the Internet isn't too bothered > > about :-) > > I'm not sure I understand you.
If spoofed packets come into your network "from" one of your addresses then any amplification inside your network will reflect back to your own addresses. An attacker can hurt you harder with much less bandwidth usage in the rest of the Internet. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Ardnamurchan Point to Cape Wrath: Northwesterly 5 to 7, occasionally gale 8 at first, backing westerly 4 or 5 later, then becoming cyclonic 3 later in far north. Very rough or high becoming rough or very rough, then moderate or rough later. Squally wintry showers, perhaps thundery in north. Good, occasionally poor. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
