[4110] in linux-net channel archive
Re: SYN floods
daemon@ATHENA.MIT.EDU (nelson@crynwr.com)
Tue Aug 20 12:40:54 1996
Date: 20 Aug 1996 15:30:18 -0000
From: nelson@crynwr.com
To: linux-net@vger.rutgers.edu
In-Reply-To: <199608201510.PAA11624@sliderule.geek.org.uk>
Lefty writes:
> > What is supposed to solve it is that a) any competent provider and
> > backbone providers links should be filtering frames with a bogus source
> > address and b) because of that you know where the frames really came
> > from.
>
> Well, I don't think that this is the total solution.. All a SYN flooder
> requires is a valid routable address with no machine attached to it..
> while 1.2.3.4 works, you will prolly get a host unreachable or network
> unreachable, which will kill the connect.. However, how many ISPs have
> dynamic IPs that aren't in use? It would be very easy for me to find
> a couple and SYN flood from that; how would a provider know to block those
> IPs? And with the new small, almost clueless ISPs that are going
> up, it's not conceivable that the provider can block their own addrs, as that
> isn't a default install..
I don't think you understand. All that needs to happen is that, e.g., my
provider should block all source addresses that it doesn't have a
destination route to. So for my network, if it doesn't say "from
192.203.178.*", it doesn't pass my router. In other words, it should
prohibit non-symmetric routing.
-russ <nelson@crynwr.com> http://www.crynwr.com/~nelson
Crynwr Software sells packet driver support | PGP ok
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Corporations persuade;
Potsdam, NY 13676 | +1 315 268 9201 FAX | governments coerce.
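The per-interface source-address check Russ describes (pass a frame only if the route back to its source address points out the interface it arrived on, i.e. symmetric routing) as an added example; this is not code from the thread or from any router vendor, and the routing table, interface names and packet list are constructed (only 192.203.178.0/24 comes from the message).

```python
import ipaddress

# Constructed routing table for a provider's border router: prefix -> the
# interface that prefix is reached through. 192.203.178.0/24 is the customer
# block named in the message; the other entries are made up for illustration.
ROUTES = {
    "192.203.178.0/24": "cust0",   # Russ's network, on a customer link
    "10.8.0.0/16": "cust1",        # another customer's block (constructed)
    "0.0.0.0/0": "upstream0",      # default route toward the backbone
}

def lookup(src):
    """Longest-prefix match for src: (prefix, interface), or (None, None)."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in ROUTES.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return (None, None) if best is None else (str(best[0]), best[1])

def strict_rpf(src, ingress):
    """Accept only if the reverse path to src leaves via the ingress interface.

    Returns (accepted, reason). A frame whose source would be routed out a
    different interface is asymmetric and is dropped, which is exactly the
    spoofed-source case; a source with no route at all is dropped too.
    """
    prefix, iface = lookup(src)
    if iface is None:
        return False, "no route to source"
    if iface != ingress:
        return False, f"reverse path for {src} is {iface}, not {ingress}"
    return True, f"source matches {prefix} via {iface}"

# Constructed sample frames: (source address, interface they arrived on).
PACKETS = [
    ("192.203.178.5", "cust0"),    # legitimate customer traffic
    ("1.2.3.4", "cust0"),          # bogus source from the customer link
    ("10.8.3.3", "cust0"),         # another customer's address, spoofed
    ("192.203.178.5", "upstream0"),# customer address arriving from backbone
    ("1.2.3.4", "upstream0"),      # external source from the backbone: fine
    ("192.203.178.200", "cust0"),  # unused address inside the customer block
]

def filter_packets(packets=PACKETS):
    """Return [(src, ingress, accepted, reason)] for each frame."""
    return [(s, i) + strict_rpf(s, i) for s, i in packets]
```

The last sample frame is the gap Lefty raises: an unused address inside the customer's own block is still symmetric, so this check passes it, and only the customer's own edge (or address-assignment state) can tell it apart.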