RFC - 3704
Ingress Filtering for Multihomed Networks
| Original: | ftp://ftp.isi.edu/in-notes/rfc3704.txt |
|---|---|
| Authors: | F. Baker [Cisco Systems], P. Savola [CSC/FUNET] |
| Date: | March 2004 |
| Category: | Best Current Practice [ BCP-84 ] |
| Updates: | |
|---|---|
| RFC-2827 [BCP 38] |
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing (Updated by RFC-3704) |
| Referred by: | 12 RFC |
| Refers to: | 5 RFC |
Status
This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract
BCP 38, RFC 2827, is designed to limit the impact of distributed denial of service attacks, by denying traffic with spoofed addresses access to the network, and to help ensure that traffic is traceable to its correct source network. As a side effect of protecting the Internet against such attacks, the network implementing the solution also protects itself from this and other attacks, such as spoofed management access to networking equipment. There are cases when this may create problems, e.g., with multihoming. This document describes the current ingress filtering operational mechanisms, examines generic issues related to ingress filtering, and delves into the effects on multihoming in particular. This memo updates RFC 2827.
-
prepared by Miloslav Nic
- the founder of Zvon.org and Law-Ref.org
- the head of B.Sc. program Informatics and chemistry [in Czech]
- the founder of Lidem.org - Volby 2006 - parliamentary elections in the Czech Republic [in Czech]
- the chief consultant of the publishing house ICT Press
- and Pavel Srb, a student of B.Sc. program Informatics and chemistry