nanog mailing list archives
Re: SYN spoofing
From: "Ron Buchalski" <rbuchals () hotmail com>
Date: Tue, 03 Aug 1999 08:33:59 PDT
From: Randy Bush <randy () psg com> To: Joe Shaw <jshaw () insync net>CC: John Fraizer <John.Fraizer () EnterZone Net>,Dan Hollis <goemon () sasami anime net>, bandregg () redhat com,nanog () merit eduSubject: Re: SYN spoofing Date: Mon, 2 Aug 1999 17:09:55 +0200 (CEST) > How hard is it really to put a filter on your outbound links that says > drop all ip traffic heading out these links that isn't from my IP space? trivial. only one gotcha. if it is a backbone router, it will fall over dead. beyond that, not a problem. backbone level traffic can not be packet filtered by current real routers. but we've had this discussion a few times already. randy
Which is why it's more scaleable to do packet filtering at the edge, and leave the core to do what it does best...switch packets.
-rb _______________________________________________________________ Get Free Email and Do More On The Web. Visit http://www.msn.com
Current thread:
- Re: SYN spoofing Randy Bush (Aug 02)
- <Possible follow-ups>
- Re: SYN spoofing Ron Buchalski (Aug 03)
- Re: SYN spoofing Randy Bush (Aug 03)
- Re: SYN spoofing Daniel Senie (Aug 03)
- Re: SYN spoofing Randy Bush (Aug 03)
- Re: SYN spoofing Randy Bush (Aug 03)