North American Network Operators Group


Re: Re[4]: SYN floods (was: does history repeat itself?)

  • From: Perry E. Metzger
  • Date: Tue Sep 10 15:07:41 1996

Pat Calhoun writes:
> However if you are filtering on your outbound router to the net,
> there is still the possibility that a malicious user could spoof
> addresses as long as they belong to your address space. By moving the
> filter out to the edge (when you have the equipment) this eliminates
> that problem as well.

I think that's less of a problem -- spoofing addresses inside the
network narrows down your origin enough that you are very likely to be
caught or shut down quickly. It might have an advantage in stopping
ankle-biter attacks against your own equipment by your users, though.

I think that aggressively sanity-filtering the net at all junctions is
probably a good idea in general, though. Would that we had the CPU
power...

(What's needed, I think, is a cheap box that just does filtering.  If
it did it in hardware, it could be very fast (needed for high speed
lines) and possibly even cheap.)

Perry
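The placement difference the quoted paragraph describes, as an added illustration that is not part of the original thread: a filter on the outbound router admits any source inside the site's address space, so a packet spoofed from another part of that space slips through, while a per-edge filter keyed to the prefixes each edge actually serves rejects it. The site prefix, edge names and sample packets below are constructed assumptions.

```python
import ipaddress

# Constructed topology (assumption, not from the thread): a site holding
# 192.0.2.0/24, split across two customer-facing edge routers.
SITE_SPACE = ipaddress.ip_network("192.0.2.0/24")
EDGE_PREFIXES = {
    "edge-a": [ipaddress.ip_network("192.0.2.0/25")],
    "edge-b": [ipaddress.ip_network("192.0.2.128/25")],
}


def border_filter_permits(src):
    """Outbound filter on the router facing the net: permit only packets
    whose source address lies somewhere in the site's own address space."""
    return ipaddress.ip_address(src) in SITE_SPACE


def edge_filter_permits(edge, src):
    """Per-edge filter: permit only sources inside the prefixes this edge
    serves, i.e. hosts that can legitimately sit behind it."""
    addr = ipaddress.ip_address(src)
    return any(addr in prefix for prefix in EDGE_PREFIXES[edge])


def classify(edge, src):
    """Report which placement passes a packet entering at `edge` with
    source `src`: 'both', 'border-only' (the hole the thread describes),
    or 'neither'."""
    at_edge = edge_filter_permits(edge, src)
    at_border = border_filter_permits(src)
    if at_edge and at_border:
        return "both"
    if at_border:
        return "border-only"
    return "neither"


if __name__ == "__main__":
    # Constructed sample packets: (ingress edge, claimed source address)
    samples = [
        ("edge-a", "192.0.2.10"),   # legitimate host behind edge-a
        ("edge-a", "192.0.2.200"),  # spoofed: address belongs to edge-b
        ("edge-a", "203.0.113.5"),  # spoofed: outside the site entirely
    ]
    for edge, src in samples:
        print(f"{edge} {src:14} -> {classify(edge, src)}")
```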