North American Network Operators Group

Re: Re[2]: SYN floods (was: does history repeat itself?)
What you propose is a Good Thing (tm), but I don't think it's sufficient. It still doesn't protect the 'net from antisocial behavior perpetrated by someone who has penetrated a system with dedicated access to the 'net.

It seems like it would still be necessary for anyone selling dedicated access to install Good Neighbor (tm) anti-spoofing filters on their inbound interfaces (which probably requires MIPS that the routers in the field don't have).

Regards,
Joel

On Thu, 12 Sep 1996, John G. Scudder wrote:

> At 1:44 PM -0400 9/12/96, Curtis Villamizar wrote:
> >I agree with you completely -- sort of. Only problem is there are
> >thought to be some 3,000 dial access providers. Many of them barely
> >know what a TCP SYN is, let alone why they need to block ones with
> >random source addresses and how. Unless of course you are
>                                    ^^^^^^^^^^^^^^^^^^^^^^^^
> >volunteering to explain it and help them. Thanks in advance. :-)
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Curtis, this is a great point. USR and other NAS vendors are actually in a
> great position to do exactly this, by changing their boxes to block random
> addresses *by default* on dial-up ports. This is of course exactly the
> point Vadim and others keep making, and of course as they point out there
> ought to be a knob to disable it if desired.
>
> Insofar as guys who "barely know what a TCP SYN is" are unlikely to twist
> the knobs, defaulting filtering to "block spoofed addresses" seems like the
> best and maybe only way to get them to do it.
>
> How about it, USR &al?
>
> --John
>
> --
> John Scudder                        email: [email protected]
> Internet Engineering Group, LLC     phone: (313) 669-8800
> 122 S. Main, Suite 280              fax:   (313) 669-8661
> Ann Arbor, MI 41804                 www:   http://www.ieng.com
>
> - - - - - - - - - - - - - - - - -
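The default-on source check discussed in this thread, applied to both a dial-up port and a dedicated-access interface, as an added example that is not part of the original messages. The `Port` class, the port names and the addresses are hypothetical; the addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Port:
    """An inbound port on a hypothetical access router or NAS."""
    name: str
    prefixes: list            # prefixes assigned to the customer on this port
    antispoof: bool = True    # blocking is the default; the knob turns it off

    def __post_init__(self):
        self.nets = [ipaddress.ip_network(p) for p in self.prefixes]

    def accepts(self, src: str) -> bool:
        """True if a packet arriving on this port with source `src` is forwarded."""
        if not self.antispoof:
            return True       # operator disabled the check on this port
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return False      # unparseable source address: drop
        return any(addr in net for net in self.nets)


def split_traffic(port, sources):
    """Return (forwarded, dropped) source addresses for packets seen on `port`."""
    forwarded = [s for s in sources if port.accepts(s)]
    dropped = [s for s in sources if not port.accepts(s)]
    return forwarded, dropped


# Constructed sample data (documentation address ranges, not real customers).
DIALUP = Port("dial-7", ["192.0.2.17/32"])        # one address per dial-up user
LEASED = Port("serial-2", ["198.51.100.0/24"])    # dedicated-access customer
LEASED_OPEN = Port("serial-3", ["203.0.113.0/24"], antispoof=False)

# Source addresses of constructed inbound SYNs, offered to each port in turn.
SYN_SOURCES = ["192.0.2.17", "10.9.8.7", "198.51.100.40", "203.0.113.5"]

if __name__ == "__main__":
    for port in (DIALUP, LEASED, LEASED_OPEN):
        fwd, drop = split_traffic(port, SYN_SOURCES)
        print(f"{port.name}: forward {fwd} drop {drop}")
```

The check only constrains the source address to the prefixes assigned to the port; it does not look at packet rate or content.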