nanog mailing list archives

Re: SYN spoofing

From: Dan Hollis <goemon () sasami anime net>
Date: Wed, 28 Jul 1999 14:19:01 -0700 (PDT)


On Wed, 28 Jul 1999, Jeremy Porter wrote:

In message <Pine.LNX.4.10.9907281242140.18497-100000 () anime net>, Dan Hollis wr
ites:

Anyone for a weekly 'bogons transit list'?

The problem being, that you would need to know where these packets
originated, and if you knew that, you could probably get the problem
fixed in the first place.


You really think so? Some of us have tried to persuade the 'big names' to
filter completely bogus source addresses, and were blown off.

Lack of a soci-technological solution for interprovider backtracing
limits the utility of this, and since you can't really pin point the 10
ten bogon transit providers you don't have much ability to shame people
into fixing their stuff.


You can at least conclusively show who is transporting the
invalid-source-address-packets to the endpoint. That is, conclusively show
that the next-to-last-hop isnt properly filtering.

-Dan

Current thread:

Re: SYN spoofing, (continued)
- - - Re: SYN spoofing Greg A. Woods (Jul 28)
    - Re: SYN spoofing Vijay Gill (Jul 28)
    - Re: SYN spoofing Wayne Bouchard (Jul 28)
    - Re: SYN spoofing Daniel Senie (Jul 28)
    - Re: SYN spoofing Forrest W. Christian (Jul 28)
    - Re: SYN spoofing Deepak Jain (Jul 28)
    - Re: SYN spoofing Dan Hollis (Jul 28)
    - Re: SYN spoofing batz (Jul 28)
    - Re: SYN spoofing Dan Hollis (Jul 28)
    - Re: SYN spoofing Jeremy Porter (Jul 28)
    - Re: SYN spoofing Dan Hollis (Jul 28)
    - Re: SYN spoofing Jeremy Porter (Jul 28)
    - Re: SYN spoofing Dan Hollis (Jul 28)
    - Re: SYN spoofing John Fraizer (Jul 30)
- Re: SYN spoofing Deepak Jain (Jul 28)