[4271] in North American Network Operators' Group
Re: Re[4]: SYN floods (was: does history repeat itself?)
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Sep 10 15:01:52 1996
To: pcalhoun@usr.com (Pat Calhoun)
cc: chuckie@panix.com (Alec H. Peterson), Alexis Rosen <alexis@panix.com>,
nanog@merit.edu
In-reply-to: Your message of "Tue, 10 Sep 1996 13:21:45 CDT."
<234661D0.3000@usr.com>
Reply-To: perry@piermont.com
Date: Tue, 10 Sep 1996 14:57:14 -0400
From: "Perry E. Metzger" <perry@piermont.com>
Pat Calhoun writes:
> However if you are filtering on your outbound router to the net,
> there is still the possibility that a malicious user could spoof
> addresses as long as they belong to your address space. By moving the
> filter out to the edge (when you have the equipment) this eliminates
> that problem as well.
I think that's less of a problem -- spoofing addresses inside the
network narrows down your origin enough that you are very likely to be
caught or shut down quickly. It might have an advantage in stopping
ankle-biter attacks against your own equipment by your users, though.
I think that aggressively sanity-filtering the net at all junctions is
probably a good idea in general, though. Would that we had the CPU
power...
(What's needed, I think, is a cheap box that just does filtering. If
it did it in hardware, it could be very fast (needed for high speed
lines) and possibly even cheap.)
Perry