[24696] in North American Network Operators' Group

Re: SYN spoofing

daemon@ATHENA.MIT.EDU (Randy Bush)
Mon Aug 2 17:15:06 1999

Date: Mon, 2 Aug 1999 17:09:55 +0200 (CEST)
From: Randy Bush <randy@psg.com>
To: Joe Shaw <jshaw@insync.net>
Cc: John Fraizer <John.Fraizer@EnterZone.Net>,
	Dan Hollis <goemon@sasami.anime.net>, bandregg@redhat.com,
	nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


> How hard is it really to put a filter on your outbound links that says
> drop all ip traffic heading out these links that isn't from my IP space?

trivial.  only one gotcha.  if it is a backbone router, it will fall over
dead.  beyond that, not a problem.

backbone level traffic can not be packet filtered by current real routers.
but we've had this discussion a few times already.

randy

