On Thu, 2 Nov 2000 19:44:06 -0500 (EST), "Mark Mentovai" <mark-list@mentovai.com> wrote:
The very first step, if you haven't done so already, is to push your own organization to implement ingress and egress filtering. This is NANOG, and there are enough clueful NANOs reading with the resources needed to accomplish this on a number of small- and medium-sized networks in the short term. With RFC 2827 in hand, use egress filters to make sure that your networks don't permit packets with spoofed source addresses from entering the Internet. If you have customers, as many (most? all?) of us do, use ingress filters to make sure that spoofed packets don't even enter your network.
I'm fairly sure our network is all set, but does anyone have a good test procedure to make sure? I think it would be really beneficial to have a utility/procedure that can, in fairly short order, test one's configurations to make sure that everything is OK. -rt -- Ryan Tucker <rtucker@netacc.net> Network Operations Manager NetAccess, Inc. Phone: +1 716 419-8200 1159 Pittsford-Victor Road, Pittsford NY 14534 http://www.netacc.net/ "Wouldn't you rather help make history than watch it on TV?" - Jello Biafra