List:       ipfilter
Subject:    Re: IpFilter-zilla vs DDoS : the roadmap !
From:       Cy Schubert - ITSD Open Systems Group <Cy.Schubert () uumail ! gov ! bc ! ca>
Date:       2000-02-24 20:57:25

In message <20000224144429.H29489@obfuscation.org>, Erik Fichtner 
writes:
> On Thu, Feb 24, 2000 at 07:38:11PM +0100, Len Conrad wrote:
> > Reference: http://www.sans.org/ddos_roadmap.htm
> > 
> > Can we see some ipf rules as best effort for fortifying against DDoS :
> 
> Pretty much all of this is taken care of in the IPfilter howto, although,
> it's not *explicit* that this is what you're doing.
> 
> > 1. egress (source)
> > 2. ingress
> > 3. block certain types of traffic sent to "broadcast" addresses
> 
> I've seen "ingress" used for both inbound and outbound traffic.  So, I'm
> going to avoid this terminology and just define "INBOUND" to mean "FROM
> THE INTERNET TO YOUR SITE" and "OUTBOUND" to mean "FROM YOUR SITE TO THE
> INTERNET". 

Agreed, it is confusing.  It depends on the author's point of view: 
"ingress into your network" which is "egress from the Internet" or 
"ingress into the Internet" which is "egress from your network."  One 
could also make the same case for "inbound" and "outbound".  Maybe someone 
should write an RFC to standardize the terms used when writing RFCs.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@uumail.gov.bc.ca
UNIX Group, ITSD, ISTA
Province of BC
                    "COBOL IS A WASTE OF CARDS."
