nanog mailing list archives
Re: syn attack and source routing
From: John Hawkinson <jhawk () bbnplanet com>
Date: Wed, 18 Sep 1996 17:28:09 -0400 (EDT)
Want to wait until SYN attacks are augmented with LSRR-enabled traffic randomization to the point of making it nearly impossible to trace?
They're optioned packets, I imagine tracing them is easier and one is able to bludgeon one's vendor into putting in better tracing for you without them having a cow.
People knew about SYN flooding for years. Nothing happened until s*t hit the fan. I strongly suspect that LSRR is of the same category.
I doubt it. As I said, anyone who's affected can cure themselves.
Please don't take our LSRR away from us, it is very useful.Per se, LSRR is not useful. traceroute -g is.
Lately I feel like I'm the single person on the planet who actually uses LSRR for stuff. I do use loose source telnet on the average of once a week...
Why not to implement something saner like traceroute servers?
You go implement your traceroute servers everywhere I need them and THEN come back and ask me to shut it off and I'll consider it.
Or better yet, the ICMP TRACEROUTE message, which would go hop by hop and on every hop generates a response message. Augmented with PROXY TRACEROUTE which will cause the destination box to send out the ICMP TRACEROUTE. I can write RFC in my copious spare time if you think that this makes more sense than the UDP kludge.
I'm not convinced it makes more sense. As I said to smd in response to his similar comments, the beauty of the current traceroute is that it's hard for idiots to turn it off. Very few other solutions have this wonderful property. --jhawk - - - - - - - - - - - - - - - - -
Current thread:
- syn attack and source routing Brett D. Watson (Sep 17)
- Re: syn attack and source routing Curtis Villamizar (Sep 18)
- <Possible follow-ups>
- Re: syn attack and source routing Hank Nussbacher (Sep 18)
- BCP writers Michael Dillon (Sep 18)
- Re: syn attack and source routing Brett D. Watson (Sep 18)
- Re: syn attack and source routing John Hawkinson (Sep 18)
- Re: syn attack and source routing Brett D. Watson (Sep 18)
- Re: syn attack and source routing Vadim Antonov (Sep 18)
- Re: syn attack and source routing Paul A Vixie (Sep 18)
- Re: syn attack and source routing Alexis Rosen (Sep 27)
- Re: syn attack and source routing John Hawkinson (Sep 18)
- Re: syn attack and source routing Alec H. Peterson (Sep 19)
- Re: syn attack and source routing Curtis Villamizar (Sep 18)
- Re: syn attack and source routing Paul A Vixie (Sep 18)
- Re: syn attack and source routing Vadim Antonov (Sep 18)
- Re: syn attack and source routing Vadim Antonov (Sep 18)
- Re: syn attack and source routing Paul Ferguson (Sep 21)
- Re: syn attack and source routing Jeff Young (Sep 21)
- Re: syn attack and source routing Vadim Antonov (Sep 21)
- Re: syn attack and source routing Vadim Antonov (Sep 27)