[24663] in North American Network Operators' Group
Re: SYN spoofing
daemon@ATHENA.MIT.EDU (Dan Hollis)
Wed Jul 28 17:57:06 1999
Date: Wed, 28 Jul 1999 14:19:01 -0700 (PDT)
From: Dan Hollis <goemon@sasami.anime.net>
To: Jeremy Porter <jerry@fc.net>
Cc: John Fraizer <John.Fraizer@EnterZone.Net>, bandregg@redhat.com,
nanog@merit.edu
In-Reply-To: <199907281959.OAA14966@freeside.fc.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 28 Jul 1999, Jeremy Porter wrote:
> In message <Pine.LNX.4.10.9907281242140.18497-100000@anime.net>, Dan Hollis wr
> ites:
> >Anyone for a weekly 'bogons transit list'?
> The problem being, that you would need to know where these packets
> originated, and if you knew that, you could probably get the problem
> fixed in the first place.
You really think so? Some of us have tried to persuade the 'big names' to
filter completely bogus source addresses, and were blown off.
> Lack of a soci-technological solution for interprovider backtracing
> limits the utility of this, and since you can't really pin point the 10
> ten bogon transit providers you don't have much ability to shame people
> into fixing their stuff.
You can at least conclusively show who is transporting the
invalid-source-address-packets to the endpoint. That is, conclusively show
that the next-to-last-hop isnt properly filtering.
-Dan
