First page Back Continue Last page Summary Graphics
Distributed Attack Protection: Filtering & Router Configuration
- Egress filtering
- Disallow packets without valid source addresses (preventing spoofing)
- Block certain “broadcast” traffic (like ICMP Echo Reply)
- Ingress filtering
- ISPs only accept traffic from authorized sources
- Have routers turn off forwarding of IP directed broadcast packets
- Turn off echo and chargen services