[4285] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: SYN floods continue

daemon@ATHENA.MIT.EDU (Sean Donelan)
Wed Sep 11 09:21:35 1996

Date: Wed, 11 Sep 1996 8:18:36 -0500 (CDT)
From: Sean Donelan <SEAN@SDG.DRA.COM>
To: nanog@merit.edu

>Until this problem becomes gigantic enough that it affects large networks
>such as MCI, Sprint, UUNet, etc. I don't predict much will be done.  

History is such a strange beast.

I believe one of Sprint's engineers called for this type of filtering
several years ago.  AT&T's WorldNet advertises something called "source
address assurance" on their network.  ANS did some filtering at one point,
but I was never very clear what exactly they were checking.

I don't think you can blame the lack of action solely on the large
networks.  Raise your hands, how many little providers didn't have
outbound filters/access-lists on their networks before you were
attacked?  How many didn't have inbound filters/access-lists on
their customer networks?

The Mobile IP folks complained this would prevent their work last time
this came up.  Since then firewalls have led to the increased use of
tunnelling for Mobile IP, so this may not be as much of a concern now.

This might be a nice addition to RtConfig.
-- 
Sean Donelan, Data Research Associates, Inc, St. Louis, MO
  Affiliation given for identification not representation

home help back first fref pref prev next nref lref last post