North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: SYN spoofing
- From: Ron Buchalski
- Date: Tue Aug 03 11:39:28 1999
From: Randy Bush <[email protected]>
To: Joe Shaw <[email protected]>
CC: John Fraizer <[email protected]>,Dan Hollis
<[email protected]>, [email protected],[email protected]
Subject: Re: SYN spoofing
Date: Mon, 2 Aug 1999 17:09:55 +0200 (CEST)
> How hard is it really to put a filter on your outbound links that says
> drop all ip traffic heading out these links that isn't from my IP space?
trivial. only one gotcha. if it is a backbone router, it will fall over
dead. beyond that, not a problem.
backbone level traffic can not be packet filtered by current real routers.
but we've had this discussion a few times already.
randy
Which is why it's more scaleable to do packet filtering at the edge, and
leave the core to do what it does best...switch packets.
-rb
_______________________________________________________________
Get Free Email and Do More On The Web. Visit http://www.msn.com
|