North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SYN spoofing

  • From: Greg A. Woods
  • Date: Wed Jul 28 14:06:37 1999

[ On Wednesday, July 28, 1999 at 11:21:35 (-0400), Daniel Senie wrote: ]
> Subject: Re: SYN spoofing
> I suspect most deployed routers do at least some filtering of packets on
> most or all interefaces. In the past, some routers couldn't do these
> lookups efficiently on source addresses, but that's really an
> implementation issue. It's *possible* to design hardware that can handle
> it, if there's a business case for doing so. ISPs should be interested
> in doing such filtering.

In fact it's easy to buy off-the-shelf hardware today that can do
wire-speed filtering, assuming one has worked such costs into the budget
of building a network backbone....

							Greg A. Woods

+1 416 218-0098      VE3TCP      <[email protected]>      <robohack!woods>
Planix, Inc. <[email protected]>; Secrets of the Weird <[email protected]>