North American Network Operators Group

Re: syn attack and source routing
John Hawkinson <[email protected]> wrote:

> i should have been more specific. i don't like the idea (at all) of
> breaking traceroute -g either. i guess in a more general sense i
> should ask "just how dangerous *is* having backbone-wide/internet-wide
> loose source routing enabled?".

>As Curtis explained, "not very".

Want to wait until SYN attacks are augmented with LSRR-enabled
traffic randomization to the point of making it nearly impossible
to trace?

People knew about SYN flooding for years. Nothing happened until
s*t hit the fan. I strongly suspect that LSRR is of the same category.

>This is a very different case from that of SYN flooding, where the
>victims are powerless to stop it.

Now, providers being unable to trace would be a nice addition.

>Please don't take our LSRR away from us, it is very useful.

Per se, LSRR is not useful. traceroute -g is. Why not implement
something saner like traceroute servers? Or better yet, the ICMP
TRACEROUTE message, which would go hop by hop and on every hop generate
a response message. Augmented with PROXY TRACEROUTE which will cause
the destination box to send out the ICMP TRACEROUTE.

I can write an RFC in my copious spare time if you think that this makes
more sense than the UDP kludge.

>Campaigning to remove something just because you suspect it might be
>bad is really not nice -- it will result in random clueless people
>believing you when perchance they should not :-)

Ah. I love the "the moozhik won't cross until thunder rolls" attitude.

--vadim