Re: Re[2]: SYN floods (was: does history repeat itself?)

[Joel Gallun <joel () wauug erols com>]

What you propose is a Good Thing (tm), but I don't think it's sufficient.
It still doesn't protect the 'net from antisocial behavior perpetrated by
someone who has penetrated a system with dedicated access to the 'net. It
seems like it would still be necessary for anyone selling dedicated access
to install Good Neighboor (tm) anti-spoofing filters on their inbound
interfaces (which probably requires MIPS that the routers in the field
don't have).

Regards,

Joel

On Thu, 12 Sep 1996, John G. Scudder wrote:

> At 1:44 PM -0400 9/12/96, Curtis Villamizar wrote:
> > I agree with you completely -- sort of.  Only problem is there are
> > thought to be some 3,000 dial access providers.  Many of them barely
> > know what a TCP SYN is, let alone why they need to block ones with
> > random source addresses and how.  Unless of course you are
>                                    ^^^^^^^^^^^^^^^^^^^^^^^^
> > volunteering to explain it and help them.  Thanks in advance.  :-)
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Curtis, this is a great point.  USR and other NAS vendors are actually in a
> great position to do exactly this, by changing their boxes to block random
> addresses *by default* on dial-up ports.  This is of course exactly the
> point Vadim and others keep making, and of course as they point out there
> ought to be a knob to disable it if desired.
>
> Insofar as guys who "barely know what a TCP SYN is" are unlikely to twist
> the knobs, defaulting filtering to "block spoofed addresses" seems like the
> best and maybe only way to get them to do it.
>
> How about it, USR &al?
>
> --John
>
> --
> John Scudder                        email:  jgs () ieng com
> Internet Engineering Group, LLC     phone:  (313) 669-8800
> 122 S. Main, Suite 280              fax:    (313) 669-8661
> Ann Arbor, MI  41804                www:    http://www.ieng.com

- - - - - - - - - - - - - - - - -