Search RFCs
BCP 38
RFC 2827
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing,May 2000
- File formats:
- Status:
- BEST CURRENT PRACTICE
- Obsoletes:
- RFC 2267
- Updated by:
- RFC 3704
- Authors:
- P. Ferguson
D. Senie - Stream:
- IETF
- Source:
- NON WORKING GROUP
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC2827
Discuss this RFC: Send questions or comments to the mailing listiesg@ietf.org
Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 2827
Abstract
This paper discusses a simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS (Denial of Service) attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.