nanog mailing list archives
Re: SYN floods continue
From: Vadim Antonov <avg () quake net>
Date: Wed, 11 Sep 1996 12:33:02 -0700
Alex Rudnev wrote: Hi, Alex!
BTW. Some time ago (when we used PC based routers and had all sources) we discussed the same problem. One of the best solutions to prevent many kinds of hacker's weapons is to allow customer send packets with SRC address ONLY if this (SRC) address have routing via the same interface. This control is possible only for one-homed customer but is effective enougph to prevent TCP spoofing, many SYN, PING, UDP etc attacks and does allow ISP to determine the source of any internet attack.
I stated many times that it would be desireable default behaviour for routers to never accept packets with source addresses for which it doesn't have route back thru the same interface. That prohibits IP src spoofing (and asymmetrical paths). When asymmetrical routing is what it desired that safeguard could be disabled on per-interface basis. In most networks asymmetrical routing is an indication of a bug in an IGP configuration, so early detection of the configuration problems would be an additional benefit. --vadim - - - - - - - - - - - - - - - - -
Current thread:
- Re: SYN floods continue, (continued)
- Re: SYN floods continue Joseph T. Klein (Sep 11)
- Re: SYN floods continue Avi Freedman (Sep 11)
- Re: SYN floods continue alex (Sep 11)
- Re: SYN floods continue Larry J. Plato (Sep 11)
- Re: SYN floods continue Joseph T. Klein (Sep 11)
- Re: SYN floods continue Michael Dillon (Sep 11)
- Re: SYN floods continueg Avi Freedman (Sep 11)
- Re: SYN floods continue Steven L. Johnson (Sep 11)
- Re: SYN floods continueh Avi Freedman (Sep 12)
- Re: SYN floods continue Sean Donelan (Sep 11)
- Re[2]: SYN floods continue Pat Calhoun (Sep 11)
- Re: SYN floods continue Vadim Antonov (Sep 11)
- Re: SYN floods continue Justin W. Newton (Sep 11)
- Re: SYN floods continue Vern Paxson (Sep 11)
- Re: SYN floods continue alex (Sep 11)
- Re: SYN floods continue Vadim Antonov (Sep 11)
- Re: SYN floods continue Jim Forster (Sep 13)
- Re: SYN floods continue Perry E. Metzger (Sep 13)
- Re: SYN floods continue Jim Forster (Sep 13)