nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: syn attack and source routing

From: John Hawkinson <jhawk () bbnplanet com>
Date: Wed, 18 Sep 1996 17:28:09 -0400 (EDT)
Want to wait until SYN attacks are augmented with LSRR-enabled
traffic randomization to the point of making it nearly impossible
to trace?


They're optioned packets, I imagine tracing them is easier and one is
able to bludgeon one's vendor into putting in better tracing
for you without them having a cow.


People knew about SYN flooding for years.  Nothing happened until
s*t hit the fan.  I strongly suspect that LSRR is of the same
category.


I doubt it. As I said, anyone who's affected can cure themselves.


Please don't take our LSRR away from us, it is very useful.


Per se, LSRR is not useful.  traceroute -g is.


Lately I feel like I'm the single person on the planet who actually
uses LSRR for stuff. I do use loose source telnet on the average
of once a week...


Why not to implement something saner like traceroute servers?


You go implement your traceroute servers everywhere I need them
and THEN come back and ask me to shut it off and I'll consider it.


Or better yet, the ICMP TRACEROUTE message, which would go
hop by hop and on every hop generates a response message.
Augmented with PROXY TRACEROUTE which will cause the destination
box to send out the ICMP TRACEROUTE.

I can write RFC in my copious spare time if you think that this
makes more sense than the UDP kludge.


I'm not convinced it makes more sense. As I said to smd in response to
his similar comments, the beauty of the current traceroute is that
it's hard for idiots to turn it off. Very few other solutions have
this wonderful property.

--jhawk
- - - - - - - - - - - - - - - - -
Previous By Date Next
Previous By Thread Next

Current thread: