nanog mailing list archives
Re: SYN spoofing
From: Dan Hollis <goemon () sasami anime net>
Date: Wed, 28 Jul 1999 14:47:29 -0700 (PDT)
On Wed, 28 Jul 1999, Jeremy Porter wrote:
You can at least conclusively show who is transporting the invalid-source-address-packets to the endpoint. That is, conclusively show that the next-to-last-hop isn't properly filtering.
But that doesn't really do any good. They have valid reasons for not running IP verify unicast reverse path on their backbone routers due to asymmetric routing.
Note I wasn't talking about RPF; I was talking about bogons. The last few smurf attacks I saw, bogons were a large percentage of total smurf volume.
Maybe we should ask Cisco for a "no ip bogons" command.
Would be nice especially if it defaulted to on (like current 'no directed-broadcast').
Yes it would be good to filter. Maybe it should even be a BCP. Maybe the next router requirements should require routers to filter bogons at wire rate.
Well for terminal servers this should certainly be a reasonable requirement. An option to disconnect any port which is found to be sourcing invalid addresses would be excellent. It would certainly be a deterrent to the script kiddies if they knew each time they fired up the smurfer, that they automatically lose their connection.
Interprovider cooperation to track and filter the packets is the correct solution, however difficult it might be.
And how many years have we been screaming about this with no progress? There seems to be zero incentive for interprovider cooperation. We need to give them incentive. But what?
-Dan