Why can't I just route my AMPRNet allocation directly myself ?

From AMPRNet
Revision as of 01:24, 21 April 2014 by Njohnson (talk | contribs) (Created page with " Because in the 1990's and early 2000's many networks began to experience [http://en.wikipedia.org/wiki/Denial-of-service_attack denial of service attacks] due to [http://en.w...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Because in the 1990's and early 2000's many networks began to experience denial of service attacks due to IP address spoofing.

In order to combat these attacks, most Internet Service Providers have adopted practices defined by the Internet Standards BCP38 and BCP84. Two of these practices are ingress filtering and Unicast Reverse Path Forwarding.

These practices prevent IP address spoofing by blocking packets whose IP source address is not the in the IP subnet range where the packet originated.

If your ISP implements these practices, you will be unable to transmit packets using your AMPRNet allocation as the source address directly from your home network.

The two ways around these restrictions are:

  1. Creating tunnels to other AMPRNet subnets using a gateway.
  2. Working with your ISP to announce your allocation directly.