FYI, - paul

To: IETF-Announce:; Cc: RFC Editor <rfc-editor@isi.edu> Cc: Internet Architecture Board <iab@isi.edu> From: The IESG <iesg-secretary@ietf.org> Subject: Protocol Action: Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing to BCP Date: Tue, 15 Feb 2000 09:23:37 -0500 Sender: scoya@cnri.reston.va.us

The IESG has approved 'Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing' <rfc2267> as a Best Current Practice.

The IESG Contact Persons are Randy Bush and Bert Wijnen.

Technical Summary

This document describes recommended router configurations to reduce likelihood of attacks over the network. It describes how an ISP customer aggregation router should be configured to prevent a customer from sending packets with source addresses from space other than their own.

Working Group Summary

This is not the product of a working group, but has been used in practice, has passed general IETF last call twice, and is generally considered to be good practice.

Protocol Quality

This was reviewed for the IESG by Randy Bush.