CC'd to NANOG, maybe we can move this there.
On Fri, 11 Feb 2000, Paul Ferguson wrote:
> It would allow the attacks to be traced back to the zombies (in
> the case of these DDoS attacks), and the perpetrators to be traced
> back and identified.
To make that easier, what is needed is something associated with a
downstream interface that is a part of the configuration itself, not a
separate access-list. This makes it much easier to track on a large box
with many hundreds of customer links and so forth.
Something like so:
    description whatever customer
    ip address x y
    ip allow-source blocks-that-are-valid
    ip allow-source ...more-blocks-
so on and so forth.
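
An added example, not part of the original message and not vendor code: a small Python model of how the per-interface source check proposed above would be evaluated. "ip allow-source" is the keyword proposed in the message, not an existing command; the interface names, the CIDR notation and the drop-everything default for an interface with no blocks are assumptions of this example.

```python
import ipaddress

# Constructed sample in the proposed (hypothetical) per-interface syntax.
# Interface names and prefixes are made up; prefixes are documentation ranges.
SAMPLE_CONFIG = """\
interface Serial1/0
 description customer-a
 ip address 192.0.2.1 255.255.255.252
 ip allow-source 198.51.100.0/24
 ip allow-source 203.0.113.0/25
interface Serial1/1
 description customer-b
 ip address 192.0.2.5 255.255.255.252
"""

def parse_allow_sources(config):
    """Return {interface: [ip_network, ...]} built from the config text."""
    table, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "interface" and len(words) == 2:
            current = words[1]
            table[current] = []
        elif words[:2] == ["ip", "allow-source"] and current and len(words) == 3:
            # strict=True raises on a block with host bits set (typo guard)
            table[current].append(ipaddress.ip_network(words[2], strict=True))
    return table

def permit(table, interface, src):
    """Ingress decision: accept only sources inside the interface's own blocks.
    No allow-source lines means drop everything (assumed default)."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in table.get(interface, []))

def interfaces_without_blocks(table):
    """Audit helper: customer links that carry no allow-source statement."""
    return sorted(name for name, nets in table.items() if not nets)

if __name__ == "__main__":
    table = parse_allow_sources(SAMPLE_CONFIG)
    for ifname, src in [("Serial1/0", "198.51.100.7"), ("Serial1/0", "10.1.2.3")]:
        print(ifname, src, "permit" if permit(table, ifname, src) else "drop")
    print("no allow-source:", interfaces_without_blocks(table))
```

Because the valid blocks sit in the interface stanza itself, the same parse that drives the filter also gives the audit list of links that still lack one.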