[4329] in North American Network Operators' Group
Re: Re[2]: SYN floods (was: does history repeat itself?)
daemon@ATHENA.MIT.EDU (Joel Gallun)
Thu Sep 12 14:56:06 1996
Date: Thu, 12 Sep 1996 14:52:10 -0400 (EDT)
From: Joel Gallun <joel@wauug.erols.com>
To: "John G. Scudder" <jgs@ieng.com>
cc: curtis@ans.net, Pat Calhoun <pcalhoun@usr.com>, nanog@merit.edu
In-Reply-To: <v03007824ae5e06a40fbb@[198.108.88.23]>

What you propose is a Good Thing (tm), but I don't think it's sufficient.
It still doesn't protect the 'net from antisocial behavior perpetrated by
someone who has penetrated a system with dedicated access to the 'net. It
seems like it would still be necessary for anyone selling dedicated access
to install Good Neighbor (tm) anti-spoofing filters on their inbound
interfaces (which probably requires MIPS that the routers in the field
don't have).

Regards,
Joel

On Thu, 12 Sep 1996, John G. Scudder wrote:
> At 1:44 PM -0400 9/12/96, Curtis Villamizar wrote:
> >I agree with you completely -- sort of. Only problem is there are
> >thought to be some 3,000 dial access providers. Many of them barely
> >know what a TCP SYN is, let alone why they need to block ones with
> >random source addresses and how. Unless of course you are
> ^^^^^^^^^^^^^^^^^^^^^^^^
> >volunteering to explain it and help them. Thanks in advance. :-)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Curtis, this is a great point. USR and other NAS vendors are actually in a
> great position to do exactly this, by changing their boxes to block random
> addresses *by default* on dial-up ports. This is of course exactly the
> point Vadim and others keep making, and of course as they point out there
> ought to be a knob to disable it if desired.
>
> Insofar as guys who "barely know what a TCP SYN is" are unlikely to twist
> the knobs, defaulting filtering to "block spoofed addresses" seems like the
> best and maybe only way to get them to do it.
>
> How about it, USR &al?
>
> --John
>
> --
> John Scudder email: jgs@ieng.com
> Internet Engineering Group, LLC phone: (313) 669-8800
> 122 S. Main, Suite 280 fax: (313) 669-8661
> Ann Arbor, MI 41804 www: http://www.ieng.com
>
>
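
The filtering discussed in this thread, sketched as an added illustration that is not part of the original messages or of any vendor's code: each access port forwards only packets whose source address lies in the prefix assigned to that port, with the check on by default and a knob to turn it off. The `AccessPort` class, the port names and the sample packets are hypothetical, and the addresses are constructed from documentation and private ranges.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class AccessPort:
    name: str
    assigned: ipaddress.IPv4Network  # address or prefix routed to this customer
    antispoof: bool = True           # on by default; the "knob" sets it False


def permit(port: AccessPort, src: str) -> bool:
    """True if a packet received on `port` with source address `src` is forwarded."""
    if not port.antispoof:
        return True
    try:
        return ipaddress.IPv4Address(src) in port.assigned
    except ValueError:
        return False  # unparseable source address: drop


def filter_inbound(port: AccessPort, packets):
    """Split (src, dst) packets received on `port` into (forwarded, dropped)."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if permit(port, pkt[0]) else dropped).append(pkt)
    return forwarded, dropped


# Constructed sample data: one dial-up port and one dedicated (leased-line) port.
DIALUP = AccessPort("dial-7", ipaddress.ip_network("192.0.2.17/32"))
LEASED = AccessPort("serial-0", ipaddress.ip_network("198.51.100.16/28"))
SYNS = [
    ("192.0.2.17", "203.0.113.80"),     # the dial-up user's own address
    ("10.45.3.9", "203.0.113.80"),      # source outside both assignments
    ("198.51.100.20", "203.0.113.80"),  # inside the leased-line prefix
    ("203.0.113.5", "203.0.113.80"),    # source outside both assignments
]

if __name__ == "__main__":
    for port in (DIALUP, LEASED):
        fwd, drop = filter_inbound(port, SYNS)
        print(port.name, "forwarded:", fwd, "dropped:", len(drop))
```
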