North American Network Operators Group

Re: SYN floods (was: does history repeat itself?)
> -->(Note that reverse filters I described do _not_ require that the route
> -->back must be best. It just has to be present in the RIB corresponding
> -->to exterior routing session over the interface in question.)
> -->
> You may not have said it, but I remember someone said the route had to be
> in the routing table. I would agree with you if it looked up the source
> in the BGP table and if it considered history or dampened paths valid. If
> your asymmetry runs over multiple interfaces, then the best path might not
> be on the interface the packet is arriving on.

This behaviour is USEFUL in any case. If we can filter SRC addresses only in accordance with the routing table, we'll prevent attacks from our direct customers. If this filtering works in accordance with the total routing table (not best routes only) - OR, we'll prevent attacks from some small ISPs there too.

But anyway this mechanism will work if it's available to us. I never wrote that we can prevent attacks via other big ISPs if they do not support this filtering. But if Cisco incorporates this in the _provider_ revision, I think most ISPs will use this mechanism in the near future (it depends on the extra CPU and memory it'll use, certainly).

---
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line), (+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
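The two source-address checks contrasted in this message (best routes only versus any route in the RIB learned over the arriving interface), as an added illustration that is not part of the original message. The prefixes, interface names and function names are constructed for the example.

```python
import ipaddress

# Constructed RIB: (prefix, interface the route was learned over, is_best).
RIB = [(ipaddress.ip_network(p), iface, best) for p, iface, best in [
    ("192.0.2.0/24",    "cust-A", True),   # single-homed direct customer
    ("198.51.100.0/24", "peer-1", True),   # multihomed net, best path via peer-1
    ("198.51.100.0/24", "peer-2", False),  # same net, non-best path via peer-2
]]

def covering(src):
    """All RIB entries whose prefix contains the source address."""
    addr = ipaddress.ip_address(src)
    return [r for r in RIB if addr in r[0]]

def best_route_check(src, iface):
    """Accept only if the longest-match BEST route for src points out iface."""
    best = [r for r in covering(src) if r[2]]
    if not best:
        return False
    return max(best, key=lambda r: r[0].prefixlen)[1] == iface

def rib_presence_check(src, iface):
    """Accept if ANY route (best or not) learned over iface covers src."""
    return any(r[1] == iface for r in covering(src))

def evaluate(packets):
    """Return (src, iface, best_only_verdict, rib_verdict) per packet."""
    return [(s, i, best_route_check(s, i), rib_presence_check(s, i))
            for s, i in packets]

# Constructed sample traffic: (source address, arriving interface).
PACKETS = [
    ("192.0.2.10",   "cust-A"),  # customer using its own address
    ("198.51.100.7", "peer-2"),  # asymmetric: arrives on the non-best path
    ("198.51.100.7", "cust-A"),  # customer forging someone else's address
    ("203.0.113.5",  "cust-A"),  # customer forging an unrouted address
]

if __name__ == "__main__":
    for src, iface, strict, rib in evaluate(PACKETS):
        print(f"{src:15} on {iface:7} best-only={'pass' if strict else 'drop'} "
              f"rib={'pass' if rib else 'drop'}")
```

The asymmetric packet on `peer-2` is the case the quoted objection raises: the best-route check drops it, while the RIB-presence check passes it and still drops both forged sources from the customer interface.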