[27318] in North American Network Operators' Group


Re: Internet SYN Flooding, spoofing attacks

daemon@ATHENA.MIT.EDU (Vijay Gill)
Fri Feb 11 21:29:22 2000

Date: Fri, 11 Feb 2000 21:27:24 -0500 (EST)
From: Vijay Gill <wrath@cs.umbc.edu>
To: Paul Ferguson <ferguson@cisco.com>
Cc: nanog@merit.edu
In-Reply-To: <4.2.2.20000211211503.00a53bb0@lint.cisco.com>
Message-ID: <Pine.SOL.3.95.1000211212237.17799I-100000@mailserver-ng.cs.umbc.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu



IETF removed from the distribution list.

On Fri, 11 Feb 2000, Paul Ferguson wrote:

> >unicast RPF, but the best compromise is the built-in access filter.  The
> >solution must be general enough to work for multihomed, defaulting out
> >customers with blocks from n providers,
> 
> No, that is a common misconception, or rather, an overstatement of
> a pretty easily described situation. It only breaks things in transit
> situations, and only in transit situations where you might not have
> the same forwarding path back to the source as you would via the same
> interface a packet came in on.

This is more common than you might believe.  For Dialup and single homed,
yes, this is not a problem in most cases.  For a very large customer base,
this problem does not scale all that well, especially for the large
backbone carriers who are transiting a lot of traffic.  As the internet
grows more important to business, more and more people multihome.

> This is a small percentage, I would think, since the percentage of
> ISP's offering transit pales in comparison to all other "access"
> ISP's that do not. And in cases where ISP's _do_ offer transit, or
> have transit agreements, will they really do this on their transit
> interfaces? I think not.

I think you're solving something else.  I submit that almost _all_ ISPs
offer transit for their customers.  That's where the I part of the SP comes
in.  For _peering_ links (peering being defined elsewhere), yes, this is a
hard problem, but on the edges of the _peers_, this is not.  If everyone
filtered their T1/DSx/OCx/E1/E3/STMx customers at their edges, using
Unicast RPF where appropriate and filters where appropriate, life would
become better.

/vijay
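The thread contrasts strict unicast RPF at a customer edge with a static per-interface ingress filter, and the asymmetric multihomed case where strict RPF misfires. The following is an added illustration, not code from the thread or any vendor: a small Python simulation over a constructed FIB and constructed interface names (upstream0, cust1, cust2, cust3) and RFC 5737 documentation prefixes, showing which of the three checks (strict uRPF, loose uRPF, ingress ACL) accepts or drops each source.

```python
import ipaddress

# Constructed FIB for the example: prefix -> egress interface (longest match wins).
FIB = {
    "0.0.0.0/0":       "upstream0",  # default route towards the core
    "198.51.100.0/24": "cust1",      # single-homed customer, one link
    "203.0.113.0/24":  "cust2",      # multihomed customer; best path to it is via cust2
}
# Constructed per-interface ingress filter: prefixes each link is allowed to source.
INGRESS_ACL = {
    "cust1": ["198.51.100.0/24"],
    "cust2": ["203.0.113.0/24"],
    "cust3": ["203.0.113.0/24"],     # the multihomed customer's second link
}

def lookup(src):
    """Longest-prefix match of src in the FIB; returns (prefix, egress interface)."""
    addr = ipaddress.ip_address(src)
    best = max((ipaddress.ip_network(p) for p in FIB if addr in ipaddress.ip_network(p)),
               key=lambda n: n.prefixlen)
    return str(best), FIB[str(best)]

def strict_urpf(src, ingress):
    """Strict uRPF: accept only if the best route back to src leaves via the ingress interface."""
    return lookup(src)[1] == ingress

def loose_urpf(src, ingress):
    """Loose uRPF: accept if any non-default route to src exists, whatever the interface."""
    return lookup(src)[0] != "0.0.0.0/0"

def ingress_acl(src, ingress):
    """Static ingress filter: accept only sources inside the prefixes assigned to that link."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in INGRESS_ACL.get(ingress, []))

def evaluate(src, ingress):
    """Run all three checks on one packet; True means the packet is accepted."""
    return {"strict": strict_urpf(src, ingress),
            "loose": loose_urpf(src, ingress),
            "acl": ingress_acl(src, ingress)}

if __name__ == "__main__":
    cases = [
        ("198.51.100.7", "cust1"),  # legitimate single-homed source
        ("203.0.113.9", "cust3"),   # legitimate, but return path is asymmetric (via cust2)
        ("203.0.113.9", "cust1"),   # spoofed: another customer's prefix
        ("192.0.2.1", "cust1"),     # spoofed: only the default route matches
    ]
    for src, intf in cases:
        print(src, intf, evaluate(src, intf))
```

The second case is the asymmetric transit situation Ferguson describes: strict uRPF drops the legitimate packet while the per-link filter passes it, and the third case shows why loose uRPF alone is not a customer-edge anti-spoofing control.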



