Bugtraq mailing list archives
Re: improved synflood protection & detection
From: gert () GREENIE MUC DE (Gert Doering)
Date: Wed, 6 May 1998 23:17:07 +0200
Hi,

VaX#n8 wrote:
> [..]
> Consulting <URL:ftp://ftp.isi.edu/in-notes/iana/assignments/ipv4-address-space> one finds that there are several classes of reserved addresses, distinct from the private addresses codified in the related RFCs:
> [..]
> It may be worthwhile to generate a list of all address blocks not recently routed and construct a filter based on those.

This list will be very large due to the highly fragmented nature of 192/8, for example, and will be ever-changing. As long as there is no automated way to generate this list, for example by a routing registry like "whois.ra.net", but more complete and better authenticated against erroneous objects, this is doomed to fail due to high maintenance efforts.

On the other hand, I can only urge every internet service provider out there to carefully read RFC2267 ("Network Ingress Filtering") and apply strong filters to all customer lines. After all, you KNOW very exactly which IP addresses this customer is using (you route them to him), so you can easily filter all packets with other source addresses. While this won't immediately have any benefits to your network, it has enormous benefits to everybody else -- they can't be attacked by your customers any more.

(Thanks to Alan Cox for pointing this out to me, and to Paul Ferguson for writing the RFC about it!)

gert

--
USENET is *not* the non-clickable part of WWW!    //www.muc.de/~gert/
Gert Doering - Munich, Germany    gert () greenie muc de
fax: +49-89-35655025    gert.doering () physik tu-muenchen de
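As an added illustration of the RFC 2267 check recommended above (example code, not part of the original message or any provider's configuration): a small Python model of per-customer-line ingress filtering. The customer lines, their routed prefixes and the sample packets are constructed; the reserved-block list is a deliberately short, stable set, not the large and ever-changing "not recently routed" list the post says cannot be maintained by hand.

```python
import ipaddress

# Constructed example data: the prefixes the provider routes to each customer
# line. Per RFC 2267, a packet entering from a customer line must carry a
# source address taken from what is routed to that line; anything else is
# spoofed (or misconfigured) and is dropped at the edge.
CUSTOMER_PREFIXES = {
    "line-cust-a": ["192.0.2.0/24"],
    "line-cust-b": ["198.51.100.0/25", "198.51.100.128/26"],
}
ROUTED = {line: [ipaddress.ip_network(p) for p in prefixes]
          for line, prefixes in CUSTOMER_PREFIXES.items()}

# A small, stable set of blocks that should never be a source on a customer
# line: "this network", RFC 1918 private space, loopback, multicast, reserved.
# Kept short on purpose; it is not an attempt at the full unrouted-space list.
NEVER_SOURCE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def ingress_verdict(line: str, src: str) -> str:
    """Return 'accept' or a 'drop:<reason>' string for a packet with source
    address `src` arriving on customer line `line`."""
    addr = ipaddress.ip_address(src)
    if line not in ROUTED:
        return "drop:unknown-line"
    if any(addr in net for net in NEVER_SOURCE):
        return "drop:reserved-source"
    if any(addr in net for net in ROUTED[line]):
        return "accept"
    # The provider does not route this source to this line, so the packet
    # cannot legitimately originate there.
    return "drop:not-routed-to-line"


if __name__ == "__main__":
    # Constructed sample packets: (ingress line, source address).
    sample = [
        ("line-cust-a", "192.0.2.10"),       # customer's own address
        ("line-cust-a", "198.51.100.7"),     # another customer's address
        ("line-cust-b", "198.51.100.150"),   # inside the second /26
        ("line-cust-b", "10.1.2.3"),         # RFC 1918 source
        ("line-cust-x", "192.0.2.10"),       # line with no routed prefixes
    ]
    for line, src in sample:
        print(f"{line:12} {src:16} {ingress_verdict(line, src)}")
```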