RFC 2267

Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, January 1998

File formats:
icon for text file icon for PDF icon for HTML
Status:
INFORMATIONAL
Obsoleted by:
RFC 2827
Authors:
P. Ferguson
D. Senie
Stream:
[Legacy]

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC2267

Discuss this RFC: Send questions or comments to the mailing list iesg@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 2267


Abstract

This paper discusses a simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point. This memo provides information for the Internet community. It does not specify an Internet standard of any kind.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.




Advanced Search