North American Network Operators Group


Re: Is there a line of defense against Distributed Reflective attacks?

  • From: Stewart, William C (Bill), RTLSL
  • Date: Mon Jan 20 19:02:20 2003

> > > > Block all TCP 21 and 80 ?
> > > Why not just block all incoming SYN ?
> > Doesn't this stop kazaa/morpheus/gnutella/FTP/<some aim stuff like private chats>? 
> Indeed it does break that. P2P clients: Mostly transfer illegal content. [...]
> Ftp/HTTP etc I believe most cable providers currently block these anyway :-)
> There's a chance it'd break things like file transfers on IM clients but
> I'm sure they'd be altered too.

The policy of some cable modem companies against running anything
resembling a server is even more clueless from a business perspective
than it is from a technical perspective, but that's a rant for another list.

I'd assumed the "block all SYN" was humor, but if we're discussing it
seriously, it's a genuinely bad idea.
A large number of applications really are servers, such as the
listener clients for IM systems (including IRC as well as commercial ones),
VOIP clients, Netmeeting and other videoconference tools, and
games, which are one of the critical markets for selling broadband.
Some of them use UDP for everything that isn't central-server based,
either for packet-loss-tolerant apps or else for reinventing TCP the hard way,
or sometimes for NAT traversal, but many of them do or should use TCP.

	Bill Stewart
	Official Technical Spokesperson for ~0.00001% of Comcast cable network.
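The trade-off Bill describes can be made concrete with a small simulation. This is an added example, not code from the original post or from any operator on the thread: it runs a stateless "drop every inbound TCP SYN" rule and, as an assumed alternative the thread does not spell out, a stateful filter that admits inbound TCP only as a reply to an outbound connection request or to a port the customer has declared as a listener. All traffic records, addresses and ports are constructed; the declared-listener set is an assumption.

```python
"""Compare what a 'block all incoming SYN' rule and a stateful filter do to
a cable customer's traffic.

Added example for the NANOG thread above; not code from the original post.
Every packet record below is constructed, not captured.
"""

# TCP flag bits as found in the low byte of the header's flags field.
TCP_SYN = 0x02
TCP_ACK = 0x10

CUSTOMER = "10.0.0.5"  # constructed customer address


def is_connection_request(pkt):
    """True for a TCP segment that opens a connection (SYN set, ACK clear)."""
    return (pkt["proto"] == "tcp"
            and bool(pkt["flags"] & TCP_SYN)
            and not (pkt["flags"] & TCP_ACK))


def stateless_drop_inbound_syn(packets):
    """The thread's 'block all incoming SYN': one rule, no flow state.
    Returns one verdict per packet in input order."""
    return ["drop" if (p["dir"] == "in" and is_connection_request(p)) else "pass"
            for p in packets]


def stateful_filter(packets, declared_listeners=frozenset()):
    """Assumed alternative (not from the thread): remember outbound connection
    requests and admit inbound TCP only as a reply to one of them, or as a new
    connection to a port the customer declared.  Non-TCP passes untouched so
    the comparison with the SYN rule stays like-for-like."""
    open_flows = set()  # (remote ip, remote port, local port) of outbound SYNs
    verdicts = []
    for p in packets:
        if p["proto"] != "tcp":
            verdicts.append("pass")
            continue
        if p["dir"] == "out":
            if is_connection_request(p):
                open_flows.add((p["dst"], p["dport"], p["sport"]))
            verdicts.append("pass")
            continue
        reply = (p["src"], p["sport"], p["dport"]) in open_flows
        declared = is_connection_request(p) and p["dport"] in declared_listeners
        verdicts.append("pass" if (reply or declared) else "drop")
    return verdicts


def broken_apps(packets, verdicts):
    """An application counts as broken if the filter dropped any of its packets."""
    return {p["app"] for p, v in zip(packets, verdicts) if v == "drop"}


def pkt(app, direction, proto, src, sport, dst, dport, flags=0):
    return dict(app=app, dir=direction, proto=proto, src=src, sport=sport,
                dst=dst, dport=dport, flags=flags)


# Constructed traffic seen at the customer's access port.
TRAFFIC = [
    # Ordinary outbound web fetch: the SYN leaves, the SYN-ACK comes back.
    pkt("web-browsing", "out", "tcp", CUSTOMER, 40000, "192.0.2.10", 80, TCP_SYN),
    pkt("web-browsing", "in", "tcp", "192.0.2.10", 80, CUSTOMER, 40000, TCP_SYN | TCP_ACK),
    # A peer opening a connection to the customer's IM file-transfer listener.
    pkt("im-file-transfer", "in", "tcp", "198.51.100.7", 51000, CUSTOMER, 5190, TCP_SYN),
    # Game traffic over UDP, which a TCP SYN rule never examines.
    pkt("udp-game", "in", "udp", "203.0.113.4", 27015, CUSTOMER, 27015),
    # An unsolicited SYN to a port the customer runs nothing on: the class of
    # packet a filter meant to keep customers from acting as reflectors exists to stop.
    pkt("unsolicited-syn", "in", "tcp", "192.0.2.99", 1234, CUSTOMER, 80, TCP_SYN),
]


def compare(traffic=TRAFFIC, declared_listeners=frozenset({5190})):
    """Which applications each policy breaks on the constructed traffic."""
    return {
        "block-all-inbound-syn":
            broken_apps(traffic, stateless_drop_inbound_syn(traffic)),
        "stateful-with-declared-listeners":
            broken_apps(traffic, stateful_filter(traffic, declared_listeners)),
    }


if __name__ == "__main__":
    for name, broken in compare().items():
        print(f"{name}: breaks {sorted(broken) or 'nothing'}")
```

Run as a script, it shows the point of the post: the stateless rule cannot tell the IM listener's legitimate inbound SYN from an unsolicited one, so it drops both, while leaving UDP traffic alone. The stateful variant stops the same unsolicited SYN and still lets the customer run the declared listener, at the cost of per-flow state and some way for the customer to declare ports.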