[AusNOG] Stopping Amplification Attacks

Peter Fern ausnog at 0xc0dedbad.com
Tue Apr 11 18:34:16 EST 2017


See BCP38:

http://www.bcp38.info/index.php/Main_Page
https://tools.ietf.org/html/rfc2827.html

On 11/04/17 18:04, Damian Ivereigh wrote:
> Hi all,
>
> Given the way amplification attacks work - where you spoof the source
> IP address to be that of the target and then find services that can
> respond with significantly larger response (e.g. DNS, NTP etc), I am
> wondering if it is considered good practice at the ISP level to block
> traffic leaving your network with any source addresses that do not
> match your own address range or that of your clients.
>
> Do many/all ISPs do this? Are there any practical complications from
> doing this?
>
> Damian
>


More information about the AusNOG mailing list