From: Jason Slagle [mailto:raistlin@tacorp.net]
Sent: Thursday, July 12, 2001 10:19 AM> Well to sum it up in one sentence. If you eliminate the
bogus addresses, you
> can then target the actual zombie machines used to attack
the site and
> eventually eliminate the risk via patching or null route
them. So filtering
> bogus addresses, non-routable addresses, and the addresses,
which do not
> belong to your net blocks, would serve to combat the denial
of service
> attacks.I believe the attacks in question are actually non-spoofed.
It's getting the source networks to remove the boxes that is the
problem. Most of them are .edu.
Aha! I knew there was a reason that I filter EDU <g>.