[4293] in North American Network Operators' Group
Re[2]: SYN floods continue
daemon@ATHENA.MIT.EDU (Pat Calhoun)
Wed Sep 11 12:28:12 1996
Date: Wed, 11 Sep 1996 11:00:39 -0500
From: pcalhoun@usr.com (Pat Calhoun)
To: nanog@merit.edu, Sean Donelan <SEAN@SDG.DRA.COM>
This is a Mime message, which your current mail reader
may not understand. Parts of the message will appear as
text. To process the remainder, you will need to use a Mime
compatible mail reader. Contact your vendor for details.
--IMA.Boundary.992273248
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Description: cc:Mail note part
At the expense of sounding very redudant, filtering at the edge will
allow Mobility to work within your network since you do not need to
filter on the outbound router based on a source address which belongs
to your address space (and clearly in the case of mobility, the
station has an address which belongs to his home network).
Pat R. Calhoun e-mail: pcalhoun@usr.com
Project Engineer - Lan Access R&D phone: (847) 933-5181
US Robotics Access Corp.
______________________________ Reply Separator _________________________________
Subject: Re: SYN floods continue
Author: Sean Donelan <SEAN@SDG.DRA.COM> at Internet
Date: 9/11/96 8:18 AM
>Until this problem becomes gigantic enough that it affects large networks
>such as MCI, Sprint, UUNet, etc. I don't predict much will be done.
History is such a strange beast.
I believe one of Sprint's engineers called for this type of filtering
several years ago. AT&T's WorldNet advertises something called "source
address assurance" on their network. ANS did some filtering at one point,
but I was never very clear what exactly they were checking.
I don't think you can blame the lack of action solely on the large
networks. Raise your hands, how many little providers didn't have
outbound filters/access-lists on their networks before you were
attacked? How many didn't have inbound filters/access-lists on
their customer networks?
The Mobile IP folks complained this would prevent their work last time
this came up. Since then firewalls have led to the increased use of
tunnelling for Mobile IP, so this may not be as much of a concern now.
This might be a nice addition to RtConfig.
--
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
Affiliation given for identification not representation
--IMA.Boundary.992273248
Content-Type: text/plain; charset=US-ASCII; name="RFC822 message headers"
Content-Transfer-Encoding: 7bit
Content-Description: cc:Mail note part
Content-Disposition: attachment; filename="RFC822 message headers"
Received: from usr.com (mailgate.usr.com) by robogate2.usr.com with SMTP
(IMA Internet Exchange 2.02 Enterprise) id 2356A400; Tue, 10 Sep 96 08:16:48
-0500
Received: from merit.edu by usr.com (8.7.5/3.1.090690-US Robotics)
id IAA06717; Wed, 11 Sep 1996 08:20:09 -0500 (CDT)
Received: from localhost (daemon@localhost) by merit.edu (8.7.5/merit-2.0) with
SMTP id JAA03563; Wed, 11 Sep 1996 09:18:51 -0400 (EDT)
Received: by merit.edu (bulk_mailer v1.5); Wed, 11 Sep 1996 09:18:40 -0400
Received: (from daemon@localhost) by merit.edu (8.7.5/merit-2.0) id JAA03543 for
nanog-outgoing; Wed, 11 Sep 1996 09:18:39 -0400 (EDT)
Received: from SDG.DRA.COM (sdg.dra.com [192.65.218.29]) by merit.edu
(8.7.5/merit-2.0) with SMTP id JAA03538 for <nanog@merit.edu>; Wed, 11 Sep 1996
09:18:37 -0400 (EDT)
Date: Wed, 11 Sep 1996 8:18:36 -0500 (CDT)
From: Sean Donelan <SEAN@SDG.DRA.COM>
To: nanog@merit.edu
Message-Id: <960911081836.247c@SDG.DRA.COM>
Subject: Re: SYN floods continue
Sender: owner-nanog@merit.edu
--IMA.Boundary.992273248--
