On Tue, 11 Dec 2001, Francis Dupont wrote: > > => I dislike all firewalls, but this problem is a threat against > > ingress filtering so an ingress filtering solution is better. > > This is a problem that affects all filtering, not just ingress (for source > address). > > => we speak about the source address hiding by reflection in DDoS using HAO, > i.e. how to use HAO to foul the ingress filtering used as a protection > against DDoS, don't we ?
Routing Header also brings up issues that would need state in the firewall, in a similar fashion. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------