North American Network Operators Group


Re: syn attack and source routing

  • From: Paul A Vixie
  • Date: Wed Sep 18 17:46:51 1996

> Or better yet, the ICMP TRACEROUTE message, which would go
> hop by hop and on every hop generates a response message.
> Augmented with PROXY TRACEROUTE which will cause the destination
> box to send out the ICMP TRACEROUTE.

This would be bad.  Remembering back to the dim prehistory of time, when
RIP mattered, I recall that gated (version 1) would respond differently to
"a routing daemon" (whose UDP source port was 520) than to a "management
tool" like ripquery (whose UDP source port was >1023).  This always struck
me as idiotic (and let's have no quips about RIP itself being idiotic --
this was 1986 and the alternatives, for me at that time, were worse).  What
this meant was that if your routing daemon wasn't hearing something you
thought it ought to be hearing, there was no way to use the management tool
to actually _look_at_ what was being offered.  (This was before tcpdump,
too.)

I guarantee you that if ICMP TRACEROUTE appears, at least one widely used
router, for at least one year of its aggregate future history, will respond
inaccurately to it.  Possibly there will even be knobs on the router to help
network administrators configure "appropriate" responses to ICMP TRACEROUTE.

Vadim called "traceroute" a "UDP kludge" and so it is, but it lets me see
what packets would do, which is a LOT more useful than seeing what a router
wants me to see.

Perhaps this can be well enough specified in an I-D.  Experience says not.
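The mechanism Vixie is defending, as an added example that is not part of the post or of NANOG: classic traceroute sends UDP datagrams to an unlikely high port with the TTL set to the hop of interest, and learns the path from the ICMP errors that routers are obliged to send (RFC 792 Time Exceeded, which must quote the dropped datagram's IP header and first 8 bytes). Nothing here depends on a router choosing to "answer a traceroute"; the evidence is a side effect of forwarding. The code below builds the probes and the replies in memory and parses them back, with no raw sockets. The port layout (one probe per hop, destination port BASE_PORT + ttl - 1), the fixed source port 40000 and the hop addresses are assumptions of this example, not a description of any particular implementation.

```python
"""Simulated UDP traceroute: probes, the ICMP errors they provoke, and the
parser that turns those errors into per-hop evidence.  Constructed packets
only; port layout and addresses are assumptions for this example."""
import struct
import ipaddress

BASE_PORT = 33434   # conventional first traceroute destination port
SRC_PORT = 40000    # assumed fixed source port, used to recognise our own probes


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; yields 0 when run over a valid header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, ttl: int, payload_len: int) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def udp_probe(src: str, dst: str, ttl: int) -> bytes:
    """The 'UDP kludge': a datagram to an unlikely port, TTL set to the hop of interest."""
    udp = struct.pack("!HHHH", SRC_PORT, BASE_PORT + ttl - 1, 8, 0)   # UDP checksum 0 = none
    return ipv4_header(src, dst, 17, ttl, len(udp)) + udp


def icmp_error(sender: str, itype: int, icode: int, dropped: bytes) -> bytes:
    """ICMP error from a router (Time Exceeded, 11/0) or the destination (Port Unreachable,
    3/3).  RFC 792 requires the dropped datagram's IP header plus its first 8 bytes."""
    body = struct.pack("!BBHI", itype, icode, 0, 0) + dropped[:28]
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    return ipv4_header(sender, str(ipaddress.IPv4Address(dropped[12:16])), 1, 64, len(body)) + body


def decrement_ttl(pkt: bytes) -> bytes:
    """What a forwarding router does to the probe: TTL - 1, header checksum recomputed."""
    hdr = pkt[:8] + bytes([pkt[8] - 1]) + pkt[9:10] + b"\x00\x00" + pkt[12:20]
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + pkt[20:]


def deliver(probe: bytes, routers: list, dst: str) -> bytes:
    """Forward the probe hop by hop; whichever router drops it answers, else the destination."""
    for router in routers:
        probe = decrement_ttl(probe)
        if probe[8] == 0:
            return icmp_error(router, 11, 0, probe)
    return icmp_error(dst, 3, 3, probe)          # arrived; nobody listens on that port


def decode_reply(pkt: bytes):
    """Parse an ICMP reply.  Returns (sender, hop, reached, ttl_as_seen) or None if the
    packet is damaged or is not a reply to one of our probes."""
    if len(pkt) < 56 or pkt[9] != 1:            # 20 IP + 8 ICMP + 28 quoted bytes, proto ICMP
        return None
    icmp = pkt[(pkt[0] & 0x0F) * 4:]
    if inet_checksum(icmp) != 0:
        return None
    kind = (icmp[0], icmp[1])
    if kind not in ((11, 0), (3, 3)):
        return None
    inner = icmp[8:]                             # the probe exactly as its dropper saw it
    if inner[9] != 17:
        return None
    sport, dport = struct.unpack("!HH", inner[(inner[0] & 0x0F) * 4:][:4])
    if sport != SRC_PORT or dport < BASE_PORT:
        return None
    sender = str(ipaddress.IPv4Address(pkt[12:16]))
    return sender, dport - BASE_PORT + 1, kind == (3, 3), inner[8]


def traceroute(src: str, dst: str, routers: list, max_hops: int = 30) -> list:
    """Drive the simulated path; returns [(hop, sender, reached), ...] in hop order."""
    result = []
    for ttl in range(1, max_hops + 1):
        decoded = decode_reply(deliver(udp_probe(src, dst, ttl), routers, dst))
        if decoded is None:
            continue                             # lost or unrelated; real tools print '*'
        sender, hop, reached, _ = decoded
        result.append((hop, sender, reached))
        if reached:
            break
    return result


if __name__ == "__main__":
    # Constructed path: two routers (documentation prefixes) before the destination.
    for hop, who, done in traceroute("192.0.2.10", "198.51.100.7", ["192.0.2.1", "203.0.113.5"]):
        print(hop, who, "(destination)" if done else "")
```

The quoted header inside the error is the part worth noticing: the hop number comes from the destination port the router itself echoes back, and the quoted TTL shows the packet's state at the point it was dropped, so the picture is assembled from what the forwarding path did to the probe rather than from anything a router elected to report about itself.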