nanog mailing list archives

Re: syn attack and source routing


From: Vadim Antonov <avg () quake net>
Date: Wed, 18 Sep 1996 14:07:55 -0700

John Hawkinson <jhawk () bbnplanet com> wrote:

i should have been more specific.  i don't like the idea (at all) of
breaking traceroute -g either.  i guess in a more general sense i
should ask "just how dangerous *is* having backbone-wide/internet-wide
loose source routing enabled?".

As Curtis explained, "not very".

Want to wait until SYN attacks are augmented with LSRR-enabled
traffic randomization to the point of making it nearly impossible
to trace?

People knew about SYN flooding for years.  Nothing happened until
s*t hit the fan.  I strongly suspect that LSRR is of the same
category.

This is a very different case from that of SYN flooding, where the
victims are powerless to stop it.

Now, providers being unable to trace would be a nice addition.

Please don't take our LSRR away from us, it is very useful.

Per se, LSRR is not useful.  traceroute -g is.

Why not implement something saner like traceroute servers?

Or better yet, the ICMP TRACEROUTE message, which would go
hop by hop and at every hop generate a response message,
augmented with a PROXY TRACEROUTE which would cause the destination
box to send out the ICMP TRACEROUTE.

I can write an RFC in my copious spare time if you think that this
makes more sense than the UDP kludge.

Campaigning to remove something just because you suspect it might be
bad is really not nice -- it will result in random clueless people
believing you when perchance they should not :-)

Ah. I love the "the moozhik won't cross until thunder rolls" attitude.

--vadim
- - - - - - - - - - - - - - - - -
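The thread argues about whether loose source routing (LSRR) should be allowed to cross provider borders at all. Whichever side one takes, the operational question for a border filter or IDS is the same: can you recognise a source-routed packet and decide what to do with it? The following is an added example, not code from the thread or from any of the participants: a small IPv4 option walker that flags LSRR and SSRR, extracts the hop list the sender asked for (the part that makes tracing harder, as the message above complains), and applies a drop-on-source-route policy that also drops packets whose option area is malformed. The option type numbers are the RFC 791 values; the packet builder, the sample addresses and the policy function are constructed for this example.

```python
import socket
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# IPv4 option type codes from RFC 791 (copied flag + class + number).
OPT_EOOL = 0    # End of option list
OPT_NOP = 1     # No operation (padding)
OPT_RR = 7      # Record Route: fills in hops, does not steer the packet
OPT_LSRR = 131  # Loose Source and Record Route
OPT_SSRR = 137  # Strict Source and Record Route

SOURCE_ROUTE_OPTIONS = {OPT_LSRR: "LSRR", OPT_SSRR: "SSRR"}


@dataclass
class SourceRouteFinding:
    kind: str          # "LSRR" or "SSRR"
    pointer: int       # offset of the next hop to be used (4 = none consumed yet)
    route: List[str]   # the hop list the sender asked for, in order


def build_ipv4_packet(src: str, dst: str, options: bytes = b"", payload: bytes = b"") -> bytes:
    """Constructed helper (not a real stack): minimal IPv4 header, checksum left
    zero, options padded to a 32-bit boundary so IHL comes out right."""
    options += b"\x00" * ((-len(options)) % 4)
    ihl = 5 + len(options) // 4
    total_len = ihl * 4 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | ihl, 0, total_len, 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + options + payload


def parse_ipv4_options(packet: bytes) -> List[Tuple[int, bytes]]:
    """Walk the option area and return (type, data) pairs.
    Malformed lengths raise ValueError rather than being silently skipped."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a well-formed IPv4 header")
    hdr_len = ihl * 4
    if len(packet) < hdr_len:
        raise ValueError("IHL exceeds packet length")
    options = packet[20:hdr_len]
    found, i = [], 0
    while i < len(options):
        opt_type = options[i]
        if opt_type == OPT_EOOL:
            break
        if opt_type == OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option missing its length byte")
        opt_len = options[i + 1]
        if opt_len < 2 or i + opt_len > len(options):
            raise ValueError(f"bad option length {opt_len} for type {opt_type}")
        found.append((opt_type, options[i + 2:i + opt_len]))
        i += opt_len
    return found


def find_source_route(packet: bytes) -> Optional[SourceRouteFinding]:
    """Return the first LSRR/SSRR option with its decoded hop list, or None."""
    for opt_type, data in parse_ipv4_options(packet):
        if opt_type in SOURCE_ROUTE_OPTIONS:
            # data = pointer byte followed by zero or more 4-byte addresses
            if len(data) < 1 or (len(data) - 1) % 4 != 0:
                raise ValueError("malformed source route option")
            hops = [socket.inet_ntoa(data[k:k + 4]) for k in range(1, len(data), 4)]
            return SourceRouteFinding(SOURCE_ROUTE_OPTIONS[opt_type], data[0], hops)
    return None


def should_drop(packet: bytes) -> bool:
    """Border policy: drop source-routed packets; also drop anything whose
    option area does not parse, since a router cannot forward it sanely anyway."""
    try:
        return find_source_route(packet) is not None
    except ValueError:
        return True


# Constructed samples (documentation-range addresses, no real hosts).
LSRR_OPTION = bytes([OPT_LSRR, 11, 4]) + socket.inet_aton("192.0.2.1") + socket.inet_aton("198.51.100.7")
SOURCE_ROUTED = build_ipv4_packet("203.0.113.5", "192.0.2.9", LSRR_OPTION)
PLAIN = build_ipv4_packet("203.0.113.5", "192.0.2.9")
NOP_RR = build_ipv4_packet("203.0.113.5", "192.0.2.9", bytes([OPT_NOP, OPT_RR, 7, 4]) + b"\x00" * 4)

if __name__ == "__main__":
    for name, pkt in [("source-routed", SOURCE_ROUTED), ("plain", PLAIN), ("nop+rr", NOP_RR)]:
        print(f"{name:14s} drop={should_drop(pkt)} finding={find_source_route(pkt)}")
```

Record Route (type 7) is deliberately left alone: it only records hops and does not steer the packet, so a filter that lumps it in with LSRR blocks harmless diagnostics for no gain. The policy is a function of the parsed header only, so the same code can sit behind a packet-capture loop or be used to unit-test a firewall rule set offline.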

