From: Jason Slagle [mailto:raistlin@tacorp.net] Sent: Thursday, July 12, 2001 10:19 AM

On Thu, 12 Jul 2001, Bill Larson wrote:

...

Well to sum it up in one sentence. If you eliminate the bogus addresses, you can then target the actual zombie machines used to attack the site and eventually eliminate the risk via patching or null route them. So filtering bogus addresses, non-routable addresses, and the addresses, which do not belong to your net blocks, would serve to combat the denial of service attacks.

I believe the attacks in question are actually non-spoofed.

It's getting the source networks to remove the boxes that is the problem. Most of them are .edu.

Aha! I knew there was a reason that I filter EDU <g>.