North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: SYN flood messages flooding my mailbox
>Basing this on the AdjRibIn is a more work than just reversing the >sense of the Fib but it does cover quite a few more cases. Though not >all of them. No, not of course; but more than enough to be practical. A _lot_ more practical than manually (or semi-automatically) maintained access lists which do not provide any "visible" benefit. >The transit providers still need to be able to trace attacks after the >fact since there is no filter that covers these cases... Absolutely. When other things do not help :) >and filters at >the fringes will be spotty deplomyments. That's why i want reverse-route verification to be _default_ behaviour of routers. A person who knows how to use asymmetric routing would know how to turn the feature off. A person who is clueless or simply doesn't care will leave default as is. --vadim - - - - - - - - - - - - - - - - -
|