So, what does this say? Look for more 13-year-olds causing denial-of-service attacks for the hell of it. It seems a lot of the providers SYN flooders like to attack are the ones which have IRC servers, but the flooders attack the more traditional services of those providers, too.
My outbound filter blocks packets not from an address in my space. Am I wrong in thinking this is the right thing for non-transit networks to do?
Dick St.Peters, Gatekeeper, Pearly Gateway, Ballston Spa, NY
This is *exactly* the right thing to do; every provider which does not provide complicated transit (which excludes even certain regionals, alas) should do this at their borders if they don't do it at each customer connect. And everyone should at least filter on each customer 56k/t1/etc... I know router cycles are tight but it might *really* become imperative... Avi