[4327] in North American Network Operators' Group


Re: Re[2]: SYN floods (was: does history repeat itself?)

daemon@ATHENA.MIT.EDU (John G. Scudder)
Thu Sep 12 14:36:43 1996

In-Reply-To: <199609121744.NAA13973@brookfield.ans.net>
Date: Thu, 12 Sep 1996 14:33:52 -0400
To: curtis@ans.net
From: "John G. Scudder" <jgs@ieng.com>
Cc: pcalhoun@usr.com (Pat Calhoun), nanog@merit.edu

At 1:44 PM -0400 9/12/96, Curtis Villamizar wrote:
>I agree with you completely -- sort of.  Only problem is there are
>thought to be some 3,000 dial access providers.  Many of them barely
>know what a TCP SYN is, let alone why they need to block ones with
>random source addresses and how.  Unless of course you are
                                   ^^^^^^^^^^^^^^^^^^^^^^^^
>volunteering to explain it and help them.  Thanks in advance.  :-)
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Curtis, this is a great point.  USR and other NAS vendors are actually in a
great position to do exactly this, by changing their boxes to block random
addresses *by default* on dial-up ports.  This is of course exactly the
point Vadim and others keep making, and of course as they point out there
ought to be a knob to disable it if desired.

Insofar as guys who "barely know what a TCP SYN is" are unlikely to twist
the knobs, defaulting filtering to "block spoofed addresses" seems like the
best and maybe only way to get them to do it.

How about it, USR &al?

--John

--
John Scudder                        email:  jgs@ieng.com
Internet Engineering Group, LLC     phone:  (313) 669-8800
122 S. Main, Suite 280              fax:    (313) 669-8661
Ann Arbor, MI  41804                www:    http://www.ieng.com
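The per-port default the message asks NAS vendors for, modelled as an added example (this is not code from the post, and not from any USR or other vendor product): a dial-up port forwards only packets whose source address the NAS assigned to that port, the check is on by default, and a per-port knob turns it off. The port names, addresses and the random-source SYN-flood sample are constructed for the example; the check generalizes slightly beyond the post in that a port may be given a routed prefix instead of a single /32.

```python
"""Per-dial-port anti-spoofing ingress filter (added example, not from the post).

A NAS knows which address it handed out on each dial port, so it can drop any
packet from that port whose source is not that address.  Random-source SYN
floods never leave the first hop.  The knob (`antispoof`) defaults to on.
"""
import ipaddress
import random
from dataclasses import dataclass, field


@dataclass
class DialPort:
    """One dial-up port and what it may legitimately source.

    `allowed` is the address negotiated at PPP setup ("10.1.2.7/32") or, for
    a customer with a routed block, that block ("10.1.3.0/29").  All values
    here are constructed for the example."""
    name: str
    allowed: str                 # CIDR string; converted below
    antispoof: bool = True       # the knob: on by default, off per port if desired

    def __post_init__(self):
        self.allowed = ipaddress.ip_network(self.allowed, strict=False)


@dataclass
class Packet:
    ingress_port: str
    src: str
    dst: str
    tcp_flags: str = ""          # "S" marks a TCP SYN; the filter does not care


@dataclass
class FilterStats:
    forwarded: int = 0
    dropped: int = 0
    dropped_sources: set = field(default_factory=set)


class NasIngressFilter:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.stats = FilterStats()

    def admit(self, pkt):
        """True if the packet may be forwarded off its dial port."""
        port = self.ports[pkt.ingress_port]
        if not port.antispoof:
            return True                          # knob off: legacy behaviour
        return ipaddress.ip_address(pkt.src) in port.allowed

    def run(self, packets):
        for pkt in packets:
            if self.admit(pkt):
                self.stats.forwarded += 1
            else:
                self.stats.dropped += 1
                self.stats.dropped_sources.add(pkt.src)
        return self.stats


def spoofed_syn_flood(port, count, seed=1996):
    """Constructed SYN flood: `count` SYNs from one dial port, each with a
    random source address, as in the attacks the thread discusses."""
    rng = random.Random(seed)
    pkts = []
    while len(pkts) < count:
        src = "%d.%d.%d.%d" % (rng.randint(1, 223), rng.randint(0, 255),
                               rng.randint(0, 255), rng.randint(1, 254))
        if ipaddress.ip_address(src) in port.allowed:
            continue                             # keep the sample unambiguously spoofed
        pkts.append(Packet(port.name, src, "192.0.2.80", "S"))
    return pkts


def demo():
    """Three constructed ports: two filtered, one with the knob turned off."""
    tty1 = DialPort("tty1", "10.1.2.7/32")
    tty2 = DialPort("tty2", "10.1.2.8/32", antispoof=False)
    isdn1 = DialPort("isdn1", "10.1.3.0/29")

    legit = [
        Packet("tty1", "10.1.2.7", "192.0.2.80", "S"),   # customer's own SYN
        Packet("isdn1", "10.1.3.5", "192.0.2.80", "S"),  # host inside the routed /29
        Packet("tty2", "10.1.2.8", "192.0.2.80", "S"),
    ]
    flood_on = spoofed_syn_flood(tty1, 20)    # filtered port: all 20 dropped
    flood_off = spoofed_syn_flood(tty2, 20)   # knob off: all 20 forwarded

    nas = NasIngressFilter([tty1, tty2, isdn1])
    return nas.run(legit + flood_on + flood_off)


if __name__ == "__main__":
    s = demo()
    print(f"forwarded={s.forwarded} dropped={s.dropped} "
          f"distinct spoofed sources blocked={len(s.dropped_sources)}")
```

In this model a flood that spoofs random sources is dropped at the dial port it came in on; a flood that uses the port's own assigned address still gets through, but then it carries the real source, which is the point of the filter. The per-port knob is the disable switch Vadim and others ask for in the thread.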
