[4142] in linux-net channel archive
Re: SYN floods
daemon@ATHENA.MIT.EDU (Ralf Baechle)
Thu Aug 22 06:18:49 1996
To: submit-linux-dev-net@ratatosk.yggdrasil.com
From: ralf@julia.de (Ralf Baechle)
Date: 22 Aug 1996 09:07:53 GMT
To: alan@cymru.net
In article <199608201545.QAA08566@snowcrash.cymru.net>, Alan Cox <alan@cymru.net> writes:
|> > dynamic IPs that aren't in use? It would be very easy for me to find
|> > a couple and SYN flood from that, how would a provider know to block those
|> > IPs? And with the new small almost clueless new ISPs that are going
|> > up, it's not conceivable that the provider can block their own addrs as that
|> > isn't a default install..
|>
|> Whoa stop.
|>
|> It's up to ISPs to filter addresses coming FROM their network which are
|> not their own addresses. I would dearly like the big providers to write
|> that into their acceptable use policy as a requirement. These problems
|> have to be stopped _at_source_, and the random clueless provider is a
|> hazard to all otherwise. We don't allow people to run telephone companies
|> without showing some degree of sense so they won't upset the existing
|> infrastructure, so why do we allow ISPs to get away with it to the bad
|> suffering of other ISPs?

Unfortunately lots of ISPs don't filter their addresses very well. Some
time ago I tried to traceroute RFC1597 addresses. My packets came about
ten hops into Xlink's (Germany's second largest provider ...) network. The
absolute killer then was tracing the route to 127.0.0.1 - that was a Max
in .ca. I'll never believe an ISP again ...

Reason enough why a Linux distribution should make it easy to install at least
simple filtering rules even for newbies.

Ralf
--
A weird imagination is most useful to gain full advantage
of all the features - manpage of amd(8).
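
The source-address filtering discussed in this message, as an added Python example that is not part of the original post: it decides whether a packet leaving a provider's border carries a source address the provider may originate, and rejects RFC1597 private space and loopback outright. The prefixes in `OWN_PREFIXES`, the sample sources and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Sources that must never cross a provider border, whatever the provider owns.
NEVER_ROUTABLE = {
    "loopback": [ipaddress.ip_network("127.0.0.0/8")],
    "rfc1597-private": [ipaddress.ip_network(n) for n in
                        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
}

# Constructed example: prefixes assigned to the provider (documentation ranges).
OWN_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("198.51.100.0/24")]

# Constructed example: source addresses seen on outbound packets.
SAMPLE_SOURCES = ["192.0.2.17", "10.1.2.3", "127.0.0.1",
                  "203.0.113.9", "198.51.100.200", "172.16.40.1"]


def egress_verdict(src, own_prefixes):
    """Return (action, reason) for an outbound packet with source address src."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "malformed")
    # Checked first, so a provider numbering its internal network from
    # private space still does not leak those sources to its peers.
    for reason, nets in NEVER_ROUTABLE.items():
        if any(addr in net for net in nets):
            return ("drop", reason)
    if any(addr in net for net in own_prefixes):
        return ("accept", "own-prefix")
    # Anything else claims an address the provider was never assigned.
    return ("drop", "foreign-source")


def audit(sources, own_prefixes):
    """Count verdict reasons over a batch of outbound source addresses."""
    return Counter(egress_verdict(s, own_prefixes)[1] for s in sources)


if __name__ == "__main__":
    for src in SAMPLE_SOURCES:
        print(src, *egress_verdict(src, OWN_PREFIXES))
    print(dict(audit(SAMPLE_SOURCES, OWN_PREFIXES)))
```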