Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
RFC 2267, “Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing”, is an Informational document published in January 1998 by P. Ferguson and D. Senie. It has been obsoleted by RFC 2827; refer to the newer document for the authoritative version. The canonical text is published by the RFC Editor.
Abstract
This paper discusses a simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point. This memo provides information for the Internet community. It does not specify an Internet standard of any kind.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 2267 is hosted at rfc-editor.org. Available in TXT and HTML.