[4326] in North American Network Operators' Group
Re: Re[2]: SYN floods (was: does history repeat itself?)
daemon@ATHENA.MIT.EDU (Justin W. Newton)
Thu Sep 12 14:34:37 1996
Date: Thu, 12 Sep 1996 14:43:29 -0400
To: curtis@ans.net, pcalhoun@usr.com (Pat Calhoun)
From: "Justin W. Newton" <justin@erols.com>
Cc: nanog@merit.edu, "Perry E. Metzger" <perry@piermont.com>
At 01:44 PM 9/12/96 -0400, Curtis Villamizar wrote:
>I agree with you completely -- sort of. Only problem is there are
>thought to be some 3,000 dial access providers. Many of them barely
>know what a TCP SYN is, let alone why they need to block ones with
>random source addresses and how. Unless of course you are
>volunteering to explain it and help them. Thanks in advance. :-)
We are currently blocking any outgoing packets which have a source address
which is not advertised by us. I have also crossposted Avi's and Craig's
access filter list for Border routers to the inet-access mailing list which
has approx 2,000 subscribers, mostly small ISP's. Maybe it'll help. Maybe
not.
Justin Newton
Internet Architect
Erol's Internet Services
