RFC 2267

Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, January 1998

Canonical URL:
https://www.rfc-editor.org/rfc/rfc2267.txt
File formats:
Plain TextPDF
Status:
INFORMATIONAL
Obsoleted by:
RFC 2827
Authors:
P. Ferguson
D. Senie
Stream:
[Legacy]

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC2267

Discuss this RFC: Send questions or comments to iesg@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

This paper discusses a simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point. This memo provides information for the Internet community. It does not specify an Internet standard of any kind.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader