[4297] in North American Network Operators' Group
Re: SYN floods continue
daemon@ATHENA.MIT.EDU (alex@relcom.EU.net)
Wed Sep 11 13:59:28 1996
Date: Wed, 11 Sep 96 21:52:33 +0400
To: jon@branch.com, jtk@nap.net
Cc: alexis@panix.com, nanog@merit.edu
From: alex@relcom.EU.net
BTW. Some time ago (when we used PC based routers and had all sources) we
discussed the same problem. One of the best solutions to prevent many kinds of
hacker's weapons is to allow customer send packets with SRC address ONLY
if this (SRC) address have routing via the same interface. This control is possible
only for one-homed customer but is effective enougph to prevent TCP spoofing,
many SYN, PING, UDP etc attacks and does allow ISP to determine the source of
any internet attack.
> > > reasonable for how to deal with this situation, long term, except for the
> >
> >
> If they modulate the phasers we just need to modulate the sheilds. :-O
But they always modulate phasers _BEFORE_ you modulate shields -:)
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)