I agree with you on that one, but DDOS attackers don't really care if their packets are being replied to. Besides, if routers have time to answer, the DOS isn't a great success!! All kinds of flooding just try to send packets/connect to a port/address: ICMP/IGMP floods, SYN floods, etc.
Any user that is spoofing a private network IP is probably smart enough to spoof a legitimate source address and bypass whatever ACL is put in place.
Spoofing is typically done with 10., 172., 192.; also, in the real world, using legitimate addresses is a bad idea, big chance the legitimate address is in use!! You should try a network with two hosts sharing the same IP address, I know what happens!!
Why should an ISP be so polite/lazy/dumb/... as not to alter the route info, only on edge routers I mean?? This option looks very nice to me!!