North American Network Operators Group


Re: syn attack and source routing

  • From: Vadim Antonov
  • Date: Wed Sep 18 17:31:07 1996

John Hawkinson <[email protected]> wrote:

>   i should have been more specific.  i don't like the idea (at all) of
> breaking traceroute -g either.  i guess in a more general sense i
> should ask "just how dangerous *is* having backbone-wide/internet-wide
> loose source routing enabled?".

>As Curtis explained, "not very".

Want to wait until SYN attacks are augmented with LSRR-enabled
traffic randomization to the point of making it nearly impossible
to trace?

People knew about SYN flooding for years.  Nothing happened until
s*t hit the fan.  I strongly suspect that LSRR is of the same
category.

>This is a very different case from that of SYN flooding, where the
>victims are powerless to stop it.

Now, providers being unable to trace would be a nice addition.

>Please don't take our LSRR away from us, it is very useful.

Per se, LSRR is not useful.  traceroute -g is.

Why not implement something saner like traceroute servers?

Or better yet, the ICMP TRACEROUTE message, which would go
hop by hop and on every hop generate a response message.
Augmented with PROXY TRACEROUTE which will cause the destination
box to send out the ICMP TRACEROUTE.

I can write an RFC in my copious spare time if you think that this
makes more sense than the UDP kludge.

>Campaigning to remove something just because you suspect it might be
>bad is really not nice -- it will result in random clueless people
>believing you when perchance they should not :-)

Ah. I love the "the moozhik won't cross until thunder rolls" attitude.

--vadim