nanog mailing list archives

Re: SYN spoofing


From: Randy Bush <randy () psg com>
Date: Tue, 3 Aug 1999 08:45:50 -0700 (PDT)


backbone level traffic can not be packet filtered by current real routers.
but we've had this discussion a few times already.
Which is why it's more scalable to do packet filtering at the edge, and
leave the core to do what it does best...switch packets.

yup, that is the conclusion which was reached every one of the many times
this has been discussed over the last years.  in the future, there may come
real routers (i.e. routers which can be and are usable by large isps on
large capacity circuits) which have more per-packet processing power at a
low enough level of the implementation (i.e. silicon) to allow backbones to
filter bogons.  also note that reverse-route checks don't work in meshes of
any complexity, i.e. backbones.

randy
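
The closing point of the message, that a reverse-route check suits the edge but breaks in a meshed backbone, can be seen in a small simulation. This is an added example, not part of the original post; the router model, the interface names and the documentation-range prefixes are all constructed, and the check modelled is a strict one (source must route back out the arrival interface).

```python
import ipaddress

class Router:
    """Minimal FIB with longest-prefix match and a strict reverse-route check."""
    def __init__(self):
        self.fib = []  # (network, outgoing interface)

    def add_route(self, prefix, interface):
        self.fib.append((ipaddress.ip_network(prefix), interface))

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        matches = [(net, ifc) for net, ifc in self.fib if ip in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def strict_rpf_accepts(self, src, in_interface):
        # Accept only if the best route back to the source uses the arrival interface.
        return self.lookup(src) == in_interface

def edge_scenario():
    # Constructed edge router: one customer prefix on cust0, default route upstream.
    edge = Router()
    edge.add_route("192.0.2.0/24", "cust0")
    edge.add_route("0.0.0.0/0", "uplink0")
    return {
        "legit_customer": edge.strict_rpf_accepts("192.0.2.10", "cust0"),
        "spoofed_source": edge.strict_rpf_accepts("198.51.100.7", "cust0"),
    }

def backbone_scenario():
    # Constructed backbone router in a mesh: the best route toward 203.0.113.0/24
    # points at peerA, but that network's traffic may legitimately arrive via
    # peerB because the forward and return paths differ.
    core = Router()
    core.add_route("203.0.113.0/24", "peerA")
    core.add_route("0.0.0.0/0", "peerB")
    return {
        "legit_on_best_path": core.strict_rpf_accepts("203.0.113.5", "peerA"),
        "legit_on_other_path": core.strict_rpf_accepts("203.0.113.5", "peerB"),
    }

if __name__ == "__main__":
    print("edge:", edge_scenario())
    print("backbone:", backbone_scenario())
```

At the edge the check separates the customer's own prefix from a spoofed source; in the backbone case the same check drops legitimate traffic that arrived on the non-preferred path.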


