Craig A. Huegen <chuegen@cisco.com>
Network-Based Denial of Service Attacks
SANS ‘98 12
Prevention Techniques
•How
to prevent your network from being the source
of the attack:
Apply
filters to each customer network
Allow only
those packets with source addresses within the customer’s assigned netblocks to enter your network
Apply
filters to your upstreams
Allow only
those packets with source addresses within your netblocks to exit your network, to protect others
Deny those
packets with source addresses within your netblocks from coming into your network, to protect your
network
•This
removes the possibility of your network being
used as an attack source for many attacks which rely on anonymity