[AusNOG] Stopping Amplification Attacks

Damian Ivereigh damo at launtel.net.au
Tue Apr 11 18:04:49 EST 2017


Hi all,

Given the way amplification attacks work - where you spoof the source IP 
address to be that of the target and then find services that can respond 
with significantly larger response (e.g. DNS, NTP etc), I am wondering 
if it is considered good practice at the ISP level to block traffic 
leaving your network with any source addresses that do not match your 
own address range or that of your clients.

Do many/all ISPs do this? Are there any practical complications from 
doing this?

Damian

-- 

Launtel - We're at your call
Tel: 1800LAUNTEL (1800528683)
Mob: 0418217582
Fax: 1300784109
http://www.launtel.net.au



More information about the AusNOG mailing list