nanog mailing list archives

Re: Internet SYN Flooding, spoofing attacks

From: Vijay Gill <wrath () cs umbc edu>
Date: Fri, 11 Feb 2000 21:27:24 -0500 (EST)

IETF removed from the distribution list.

On Fri, 11 Feb 2000, Paul Ferguson wrote:

> > unicast RPF, but the best compromise is the built-in access filter.  The
> > solution must be general enough to work for multihomed, defaulting out
> > customers with blocks from n providers,
>
> No, that is a common misconception, or rather, an overstatement of
> a pretty easily described situation. It only breaks things in transit
> situations, and only in transit situations where you might not have
> the same forwarding path back to the source as you would via the same
> interface a packet came in on.

This is more common than you might believe.  For dialup and single-homed,
yes, this is not a problem in most cases.  For a very large customer base,
this problem does not scale all that well, especially for the large
backbone carriers who are transiting a lot of traffic.  As the Internet
grows more important to business, more and more people multihome.

> This is a small percentage, I would think, since the percentage of
> ISPs offering transit pales in comparison to all other "access"
> ISPs that do not. And in cases where ISPs _do_ offer transit, or
> have transit agreements, will they really do this on their transit
> interfaces? I think not.

I think you're solving something else.  I submit that almost _all_ ISPs
offer transit for their customers.  That's where the I part of the SP comes
in.  For _peering_ links (peering being defined elsewhere), yes, this is a
hard problem, but on the edges of the _peers_, this is not.  If everyone
filtered their T1/DSx/OCx/E1/E3/STMx customers at their edges, using
Unicast RPF where appropriate and filters where appropriate, life would
become better.

/vijay
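
The two cases argued over in the message above, the multihomed customer whose second link is not the router's best path back to the source and the customer who defaults out with a block allocated by another provider, modelled as an added example. This is not code from the post or from either author: it is a small Python simulation of strict-mode unicast RPF over a constructed forwarding table, beside a per-interface ingress ACL built from the blocks assigned to each customer (the "built-in access filter"). All interface names, prefixes and the FIB contents are hypothetical.

```python
import ipaddress

# Constructed example data for a hypothetical provider edge router (assumption,
# not from the post). Forwarding table: prefix -> egress interface of the best route.
FIB = {
    "192.0.2.0/24": "Serial0",     # customer A, single-homed, reachable only via Serial0
    "198.51.100.0/24": "Serial1",  # customer B, connected to us on Serial1 and Serial2;
                                   # the router's best path back happens to be Serial1
    "0.0.0.0/0": "Upstream0",      # default route toward the rest of the Internet
}

# Per-interface ingress ACLs: the source blocks each customer is entitled to use,
# provisioned from the allocation records rather than derived from routing.
INGRESS_ACL = {
    "Serial0": ["192.0.2.0/24"],
    "Serial1": ["198.51.100.0/24"],
    "Serial2": ["198.51.100.0/24"],
    # customer C defaults out to us but sources from a block allocated by another
    # provider; we carry no specific route for that block, only the default.
    "Serial3": ["203.0.113.0/24"],
}


def longest_match(fib, src):
    """Longest-prefix lookup of src in fib; returns the egress interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def strict_urpf_accepts(fib, in_iface, src):
    """Strict uRPF: pass only if the best route back to src leaves via in_iface.
    A default route pointing upstream never satisfies this on a customer interface."""
    return longest_match(fib, src) == in_iface


def acl_accepts(acls, in_iface, src):
    """Ingress ACL: pass only if src falls inside a block provisioned for in_iface."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in acls.get(in_iface, []))


def classify(in_iface, src, fib=FIB, acls=INGRESS_ACL):
    """Verdict of both mechanisms for one packet arriving on in_iface with source src."""
    return {"urpf": strict_urpf_accepts(fib, in_iface, src),
            "acl": acl_accepts(acls, in_iface, src)}


# Constructed packets: (label, ingress interface, source address).
SCENARIOS = [
    ("single-homed, legitimate",               "Serial0", "192.0.2.10"),
    ("single-homed, spoofing customer B",      "Serial0", "198.51.100.10"),
    ("multihomed, symmetric link",             "Serial1", "198.51.100.10"),
    ("multihomed, asymmetric link",            "Serial2", "198.51.100.10"),
    ("other provider's block, defaulting out", "Serial3", "203.0.113.7"),
    ("spoofed unrelated source",               "Serial3", "192.0.2.10"),
]


def run_scenarios():
    return {label: classify(iface, src) for label, iface, src in SCENARIOS}


if __name__ == "__main__":
    for label, verdict in run_scenarios().items():
        urpf = "pass" if verdict["urpf"] else "DROP"
        acl = "pass" if verdict["acl"] else "DROP"
        print(f"{label:40s} strict uRPF={urpf:4s}  ACL={acl}")
```

Running it shows the disagreement the thread is about: on the asymmetric link and the defaulting-out customer, strict uRPF drops legitimate traffic because the reverse path (or the default route) does not point back out the ingress interface, while the assigned-block ACL passes it; both mechanisms drop the two spoofed sources. The model covers strict mode only, which is the behaviour the message describes as breaking in transit situations.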