nanog mailing list archives
Re[2]: SYN floods continue
From: pcalhoun () usr com (Pat Calhoun)
Date: Wed, 11 Sep 1996 11:00:39 -0500
At the expense of sounding very redudant, filtering at the edge will allow Mobility to work within your network since you do not need to filter on the outbound router based on a source address which belongs to your address space (and clearly in the case of mobility, the station has an address which belongs to his home network). Pat R. Calhoun e-mail: pcalhoun () usr com Project Engineer - Lan Access R&D phone: (847) 933-5181 US Robotics Access Corp. ______________________________ Reply Separator _________________________________ Subject: Re: SYN floods continue Author: Sean Donelan <SEAN () SDG DRA COM> at Internet Date: 9/11/96 8:18 AM
Until this problem becomes gigantic enough that it affects large networks such as MCI, Sprint, UUNet, etc. I don't predict much will be done.
History is such a strange beast. I believe one of Sprint's engineers called for this type of filtering several years ago. AT&T's WorldNet advertises something called "source address assurance" on their network. ANS did some filtering at one point, but I was never very clear what exactly they were checking. I don't think you can blame the lack of action solely on the large networks. Raise your hands, how many little providers didn't have outbound filters/access-lists on their networks before you were attacked? How many didn't have inbound filters/access-lists on their customer networks? The Mobile IP folks complained this would prevent their work last time this came up. Since then firewalls have led to the increased use of tunnelling for Mobile IP, so this may not be as much of a concern now. This might be a nice addition to RtConfig. -- Sean Donelan, Data Research Associates, Inc, St. Louis, MO Affiliation given for identification not representation
Attachment:
RFC822 message headers
Description: cc:Mail note part
Current thread:
- Re: SYN floods continue, (continued)
- Re: SYN floods continue Jon Zeeff (Sep 11)
- Re: SYN floods continue Joseph T. Klein (Sep 11)
- Re: SYN floods continue Avi Freedman (Sep 11)
- Re: SYN floods continue alex (Sep 11)
- Re: SYN floods continue Larry J. Plato (Sep 11)
- Re: SYN floods continue Joseph T. Klein (Sep 11)
- Re: SYN floods continue Michael Dillon (Sep 11)
- Re: SYN floods continueg Avi Freedman (Sep 11)
- Re: SYN floods continue Steven L. Johnson (Sep 11)
- Re: SYN floods continueh Avi Freedman (Sep 12)
- Re: SYN floods continue Sean Donelan (Sep 11)
- Re[2]: SYN floods continue Pat Calhoun (Sep 11)
- Re: SYN floods continue Vadim Antonov (Sep 11)
- Re: SYN floods continue Justin W. Newton (Sep 11)
- Re: SYN floods continue Vern Paxson (Sep 11)
- Re: SYN floods continue alex (Sep 11)
- Re: SYN floods continue Vadim Antonov (Sep 11)
- Re: SYN floods continue Jim Forster (Sep 13)
- Re: SYN floods continue Perry E. Metzger (Sep 13)
- Re: SYN floods continue Jim Forster (Sep 13)
- Re: SYN floods continue Jon Zeeff (Sep 11)