nanog mailing list archives
Re: syn attack and source routing
From: "Jeff Young" <young () mci net>
Date: Sat, 21 Sep 1996 12:47:17 -0400
i think that the better fix for the spoofing scare was to filter at the edges of your network for your own source addresses so that no one could send to your networks with a source address of your networks. i don't believe that this will disable lsrr. we're now completing the cycle and suggesting that we should also prevent folks from sourcing packets in their networks destined to flow the opposite direction with anything other than the real source addresses in their networks. i haven't thought about it much, but i'm sure that someone here would know, could you use lsrr to launch the predictive-seq-#-spoofing attack?

Jeff Young
young () mci net
Date: Sat, 21 Sep 1996 11:41:45 -0400
To: John Hawkinson <jhawk () bbnplanet com>
From: Paul Ferguson <pferguso () cisco com>
Subject: Re: syn attack and source routing
Cc: nanog () merit edu

Deja vu. Didn't this same topic crop up a couple of years ago when the IP spoofing-sky-is-falling scare began? If I'm not remiss, the discussion drifted towards encouraging end-system networks to disable source-routing at the entrance to their networks if they were paranoid, but encourage ISPs & transit providers to allow it.

- paul

At 01:18 PM 9/18/96 -0400, John Hawkinson wrote:
> Worst case, those folks feeling victimized can (and do!) simply shut it off. This is a very different case from that of SYN flooding, where the victims are powerless to stop it. Please don't take our LSRR away from us, it is very useful.
>
> Campaigning to remove something just because you suspect it might be bad is really not nice -- it will result in random clueless people believing you when perchance they should not :-)
>
> --jhawk
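
The two edge source-address filters described in the message above, as an added example that is not part of the original thread. It also reports whether a packet carries an LSRR option, which shows that a filter matching only on source address passes such packets. The local prefix 192.0.2.0/24, the sample packets and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

LSRR = 131  # IPv4 option type: Loose Source and Record Route (RFC 791)

def build_header(src, dst, options=b""):
    """Constructed sample input: a bare IPv4 header (checksum left at 0)."""
    options += b"\x00" * (-len(options) % 4)          # pad to a 32-bit boundary
    ihl = (20 + len(options)) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 20 + len(options), 0, 0,
                       64, 6, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + options

def parse_header(pkt):
    """Return (source address, True if an LSRR option is present)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad header length")
    opts, i, lsrr = pkt[20:ihl], 0, False
    while i < len(opts) and opts[i] != 0:             # 0 = end of option list
        if opts[i] == 1:                              # 1 = no-op, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            raise ValueError("malformed option")
        lsrr = lsrr or opts[i] == LSRR
        i += opts[i + 1]                              # skip by option length
    return ipaddress.IPv4Address(pkt[12:16]), lsrr

def edge_filter(pkt, direction, local_nets):
    """Apply the two source-address rules at the network edge."""
    src, lsrr = parse_header(pkt)
    local = any(src in net for net in local_nets)
    if direction == "inbound" and local:
        return "drop", lsrr      # outside packet claiming one of our addresses
    if direction == "outbound" and not local:
        return "drop", lsrr      # inside packet with a source that is not ours
    return "permit", lsrr

LOCAL = [ipaddress.ip_network("192.0.2.0/24")]        # assumed local prefix
# Constructed LSRR option: type, length 7, pointer 4, one hop address.
ROUTE = bytes([LSRR, 7, 4]) + ipaddress.IPv4Address("203.0.113.1").packed
if __name__ == "__main__":
    print(edge_filter(build_header("192.0.2.10", "192.0.2.20"), "inbound", LOCAL))
    print(edge_filter(build_header("198.51.100.7", "203.0.113.9"), "outbound", LOCAL))
    print(edge_filter(build_header("198.51.100.7", "192.0.2.20", ROUTE), "inbound", LOCAL))
```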