2267: Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing.

HTML TXT PS PDF

Recent occurrences of various Denial of Service (DoS) attacks which have employed forged source addresses have proven to be a troublesome issue for Internet Service Providers and the Internet community overall. This paper discusses a simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point.

Status INFORMATIONAL
Format TXT=21032 bytes
Authors D. Senie
Date January 1998
Keyphrases filtering Ingress Ingress Filtering attack

Obsoleted by

RFC2827: Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing.

References

RFC1812: Requirements for IP Version 4 Routers.
RFC1918: Address Allocation for Private Internets.
RFC2002: IP Mobility Support.

Referenced by

RFC2344: Reverse Tunneling for Mobile
RFC2644: Changing the Default for Directed Broadcasts in Routers.
RFC2893: Transition Mechanisms for IPv6 Hosts and Routers.
RFC3024: Reverse Tunneling for Mobile IP, revised.
RFC3142: An IPv6-to-IPv4 Transport Relay Translator.
RFC3178: IPv6 Multihoming Support at Site Exit Routers.