|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: syn attack and source routing
> Want to wait until SYN attacks are augmented with LSRR-enabled > traffic randomization to the point of making it nearly impossible > to trace? They're optioned packets, I imagine tracing them is easier and one is able to bludgeon one's vendor into putting in better tracing for you without them having a cow. > People knew about SYN flooding for years. Nothing happened until > s*t hit the fan. I strongly suspect that LSRR is of the same > category. I doubt it. As I said, anyone who's affected can cure themselves. > >Please don't take our LSRR away from us, it is very useful. > > Per se, LSRR is not useful. traceroute -g is. Lately I feel like I'm the single person on the planet who actually uses LSRR for stuff. I do use loose source telnet on the average of once a week... > Why not to implement something saner like traceroute servers? You go implement your traceroute servers everywhere I need them and THEN come back and ask me to shut it off and I'll consider it. > Or better yet, the ICMP TRACEROUTE message, which would go > hop by hop and on every hop generates a response message. > Augmented with PROXY TRACEROUTE which will cause the destination > box to send out the ICMP TRACEROUTE. > > I can write RFC in my copious spare time if you think that this > makes more sense than the UDP kludge. I'm not convinced it makes more sense. As I said to smd in response to his similar comments, the beauty of the current traceroute is that it's hard for idiots to turn it off. Very few other solutions have this wonderful property. --jhawk - - - - - - - - - - - - - - - - -
|