[24648] in North American Network Operators' Group
Re: SYN spoofing
daemon@ATHENA.MIT.EDU (Greg A. Woods)
Wed Jul 28 13:33:30 1999
Date: Wed, 28 Jul 1999 13:31:51 -0400 (EDT)
From: woods@most.weird.com (Greg A. Woods)
To: nanog@merit.edu
In-Reply-To: Daniel Senie's message
of "Wednesday, July 28, 1999 11:21:35 -0400"
regarding "Re: SYN spoofing"
id <379F1FFF.7229F1DE@senie.com>
Reply-To: nanog@merit.edu (North America Network Operators Group)
Errors-To: owner-nanog-outgoing@merit.edu
[ On Wednesday, July 28, 1999 at 11:21:35 (-0400), Daniel Senie wrote: ]
> Subject: Re: SYN spoofing
>
> I suspect most deployed routers do at least some filtering of packets on
> most or all interefaces. In the past, some routers couldn't do these
> lookups efficiently on source addresses, but that's really an
> implementation issue. It's *possible* to design hardware that can handle
> it, if there's a business case for doing so. ISPs should be interested
> in doing such filtering.
In fact it's easy to buy off-the-shelf hardware today that can do
wire-speed filtering, assuming one has worked such costs into the budget
of building a network backbone....
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
