[4319] in North American Network Operators' Group
Re: SYN floods continue
daemon@ATHENA.MIT.EDU (alex@relcom.eu.net)
Thu Sep 12 02:53:27 1996
Date: Thu, 12 Sep 96 10:44:05 +0400
To: avg@quake.net, vern@ee.lbl.gov
Cc: alex@relcom.eu.net, alexis@panix.com, jon@branch.com, jtk@nap.net,
nanog@merit.edu
From: alex@relcom.eu.net
> > That prohibits IP src spoofing (and asymmetrical paths).
> > ...
> > In most networks asymmetrical routing is an indication of a bug in
> > an IGP configuration, so early detection of the configuration problems
> > would be an additional benefit.
>
> In my Internet end-to-end routing study I found that fully 50% of the pairs
> of paths through the Internet had a major asymmetry at the end of 1995.
> "Major" meaning: visited at least one different city in the two directions.
> (30% visited at least one different AS.) This was a significant increase
> over the same figure for the end of 1994, 30%. So it may be quite hard to
> make and keep Internet routing symmetric.
>
But anyway, it's very important to restrict outgoing traffic of the
usial customers by their own SRC addresses. It's difficult to stop
rocket when it's flying in the cosmic space, but it's easy to destroy
in on the starting part of it's trace. (Remember about _strategin defence
iniciative_ /I do not know it's name in english/ -:)).
And this coud be realised by router's vendor easily.
---
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
