Information on RFC 2827 » RFC Editor (original) (raw)

BCP 38

RFC 2827

Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, May 2000

File formats:

icon for text file icon for PDF icon for HTML

Status:

BEST CURRENT PRACTICE

Obsoletes:

RFC 2267

Updated by:

RFC 3704

Authors:

P. Ferguson
D. Senie

Stream:

IETF

Source:

NON WORKING GROUP

Cite this RFC: TXT | XML | BibTeX

DOI: https://doi.org/10.17487/RFC2827

Discuss this RFC: Send questions or comments to the mailing list iesg@ietf.org

Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 2827

Abstract

This paper discusses a simple, effective, and straightforward method for using ingress traffic filtering to prohibit DoS (Denial of Service) attacks which use forged IP addresses to be propagated from 'behind' an Internet Service Provider's (ISP) aggregation point. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.