17 Jan 2003, 12:20 a.m.
On Fri, 17 Jan 2003, hc wrote:
Good point.
I suppose another basic but effective method of prevention would be egress filtering. An increasing minority of network providers are instituting it, but it doesn't seem like it will be a widespread thing in the near-term.
Yes, but egress filtering is only effective by far. Anyone can forge the source to an IP address that belongs to one of the /16's a provider advertises.
filter close to the end host, this limits (mostly) to the local /24 or /25 or /2(>5)...
It will help of course, but really not The solution... Or is there one?
haha, there isn't one :( since even with no spoofing you can muster an army of 100,000 IIS servers still scanning for nimda :(
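The filter-placement point discussed in this thread, as an added example that is not part of the original messages: the same source-address check applied at a provider's /16 aggregate and at a customer's /24 access edge, showing which forged sources each one still lets out. All prefixes, addresses and names below are constructed for illustration.

```python
import ipaddress

def passes_filter(src, permitted):
    """True if the packet's source address is inside a prefix the filter permits."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in permitted)

def forgeable_sources(real_src, permitted):
    """Count addresses, other than the host's own, that still pass the filter.

    Counts every address in the prefix (network and broadcast included),
    so it is an upper bound on what a host behind the filter can claim.
    """
    real = ipaddress.ip_address(real_src)
    total = 0
    for net in ipaddress.collapse_addresses(permitted):
        total += net.num_addresses
        if real in net:
            total -= 1
    return total

# Constructed example: one provider aggregate, one customer subnet inside it.
PROVIDER_AGGREGATE = [ipaddress.ip_network("10.20.0.0/16")]
ACCESS_EDGE = [ipaddress.ip_network("10.20.30.0/24")]
HOST = "10.20.30.40"

# Constructed source addresses seen leaving HOST's network.
PACKETS = [
    "10.20.30.40",   # genuine source
    "10.20.30.99",   # forged, same /24
    "10.20.200.7",   # forged, other customer inside the /16
    "192.0.2.55",    # forged, outside the provider entirely
]

def evaluate(permitted):
    """Map each sample source address to whether the filter lets it out."""
    return {src: passes_filter(src, permitted) for src in PACKETS}

if __name__ == "__main__":
    for name, rules in (("aggregate /16", PROVIDER_AGGREGATE),
                        ("access edge /24", ACCESS_EDGE)):
        print(name, evaluate(rules), forgeable_sources(HOST, rules))
```

In both cases the genuine source passes, which is the closing point of the thread: traffic from hosts using their real addresses is untouched by source filtering at any granularity.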