Re: syn attack and source routing

["Brett D. Watson" <bwatson () genuity net>]

> From:    Hank Nussbacher <hank () ibm net il>
> Subject: Re: syn attack and source routing 
>
> Return-Path: <hank () ibm net il>
> X-Mailer: Chameleon ARM_55, TCP/IP for Windows, NetManage Inc.
> MIME-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>
> On Wed, 18 Sep 1996 03:17:27 -0400  Curtis Villamizar wrote:
> > If source routing is blocked at the end site it doesn't help any
> > toturn it off in the backbones and turning it off destroys the ability
> > to trace routing problems that customers report (short of finger
> > pointing to another provider or giving the customer the run around by
> > successive handoffs to other NOCs debugging, any "I can't get there
> > from here" is sort of hopeless if you can't traceroute -g).
>
> Since more and more are blocking source routing and breaking traceroute -g
> then those that block it at their router should at the very least make 
> a WWW traceroute available from their system so as to diagnose those
> problems you mention.  Almost all those that I have in my web site
> (http://www.ibm.net.il/traceroute) are customers connected to major ISPs.
> I think the 10 majors should have on their backbones a WWW traceroute
> as above.

  i should have been more specific.  i don't like the idea (at all) of
breaking traceroute -g either.  i guess in a more general sense i
should ask "just how dangerous *is* having backbone-wide/internet-wide
loose source routing enabled?".

-brett


- - - - - - - - - - - - - - - - -