[4305] in North American Network Operators' Group


Re: SYN floods continueg

daemon@ATHENA.MIT.EDU (Bruce Robertson)
Wed Sep 11 16:25:04 1996

To: Avi Freedman <freedman@netaxs.com>
In-reply-to: Your message of "Wed, 11 Sep 1996 14:26:50 EDT."
             <199609111826.OAA17494@netaxs.com> 
Cc: nanog@merit.edu, generous@uucom.com
Date: Wed, 11 Sep 1996 13:20:14 -0700
From: Bruce Robertson <bruce@greatbasin.net>

>>>>> "Avi" == Avi Freedman <freedman@netaxs.com> writes:

    Avi> This is actually an incoming filter...
    Avi> acc 102 permit ip any 198.138.103.0 0.0.0.255

Ummmm.... disclaimer, I'm not an expert on this, but according to my
understanding of how Cisco access lists work, the incoming filter you
showed actually does nothing at all.  The normal situation is that
packets are coming in from random addresses, destined for your
internal network.  There is nothing in this filter that prevents your
own source addresses from being spoofed outside your border.

It seems to me that you want something more like this, which is what
we have in place:

	acc 102 deny ip 198.138.103.0 0.0.0.255 any
	...
	acc 102 permit ip any any

It seems to work for us.  Please let me know if I'm missing something here!

--
Bruce Robertson, President/CEO
Great Basin Internet Services, Inc.
+1-702-348-7299  fax: +1-702-348-9412
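As an added illustration that is not part of the thread, a small Python model of the two access lists discussed above: it matches addresses with Cisco wildcard masks, applies rules first-match with the implicit trailing deny, and shows that the quoted incoming filter admits a packet that claims an internal source address, while the deny-own-prefix-first version rejects it. The packets are constructed; 192.0.2.7 is an address from the documentation range.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def _matches(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard match: a 1 bit in the wildcard means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = 0xFFFFFFFF ^ w
    return (a & care) == (b & care)

def _parse_addr(tokens):
    """Consume 'any', 'host X' or 'X WILDCARD'; return (base, wildcard, rest)."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]

def parse_acl(text: str):
    """Parse 'acc <n> permit|deny ip SRC DST' lines into (action, src, dst) rules."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action = tokens[2]            # permit | deny
        rest = tokens[4:]             # skip 'acc', list number, action, protocol
        src_base, src_wc, rest = _parse_addr(rest)
        dst_base, dst_wc, rest = _parse_addr(rest)
        rules.append((action, (src_base, src_wc), (dst_base, dst_wc)))
    return rules

def evaluate(rules, pkt: Packet) -> str:
    """First matching rule wins; a Cisco ACL ends with an implicit deny."""
    for action, (sb, sw), (db, dw) in rules:
        if _matches(pkt.src, sb, sw) and _matches(pkt.dst, db, dw):
            return action
    return "deny"

# The two inbound filters from the thread, applied on the border interface.
QUOTED_ACL = "acc 102 permit ip any 198.138.103.0 0.0.0.255"
ANTISPOOF_ACL = "acc 102 deny ip 198.138.103.0 0.0.0.255 any\nacc 102 permit ip any any"

# Constructed packets: one forging an internal source, one from a genuine outside host.
SPOOFED = Packet("198.138.103.5", "198.138.103.10")
LEGIT = Packet("192.0.2.7", "198.138.103.10")
```

Running `evaluate(parse_acl(QUOTED_ACL), SPOOFED)` returns `permit`, while the anti-spoofing list returns `deny` for the same packet and still permits the genuine outside host.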
