[4333] in North American Network Operators' Group
Re: Re[2]: SYN floods (was: does history repeat itself?)
daemon@ATHENA.MIT.EDU (Alex.Bligh)
Thu Sep 12 15:51:51 1996
To: Michael Dillon <michael@memra.com>
cc: nanog@merit.edu
In-reply-to: Your message of "Thu, 12 Sep 1996 12:09:44 PDT."
<Pine.BSI.3.93.960912120219.6709D-100000@sidhe.memra.com>
Date: Thu, 12 Sep 1996 20:44:10 +0100
From: "Alex.Bligh" <amb@xara.net>
> On Thu, 12 Sep 1996, John G. Scudder wrote:
>
> > Insofar as guys who "barely know what a TCP SYN is" are unlikely to twist
> > the knobs, defaulting filtering to "block spoofed addresses" seems like the
> > best and maybe only way to get them to do it.
>
> If we can get config instructions for all the popular NAS boxes like
> Ascend, Livingston, USR etc. posted to a web page somewhere then we can get
> the word out to a lot of ISP's via the 7 or 8 ISP mailing lists,
> Boardwatch magazine and USENET. But for the benefit of those marginally
> clueful people out there we need to have some fairly explicit
> instructions.
Don't forget Linux and the various BSD stuff. Quite a few people
run modems with these as terminal servers. Certainly this
would be trivial in Linux, from experience.
It would probably be advisable to be able to disable this on a per
i/f basis as there are a few people who intentionally have locally
asymmetric routing (pile of Maxen with 2 routers for redundancy
and load-sharing for instance) but could still work
with spoofed source IP address filtering on the modem
ends.
Alex Bligh
Xara Networks
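
An added example, not part of the original message: a minimal model of per-interface spoofed-source filtering, implemented here as a strict reverse-path check (an assumption; the message names no mechanism). The interface names, addresses and routing table are constructed for illustration; it shows the check holding on the modem ports while dropping legitimate traffic on a redundant uplink with asymmetric routing.

```python
import ipaddress

# Constructed topology (all names and addresses are assumptions): a terminal
# server with two modem ports and two uplinks to redundant, load-sharing routers.
ROUTES = [
    ("192.0.2.10/32", "ppp0"),   # address assigned to the caller on modem 0
    ("192.0.2.11/32", "ppp1"),   # address assigned to the caller on modem 1
    ("0.0.0.0/0", "eth0"),       # default route via router A; router B is on eth1
]
TABLE = [(ipaddress.ip_network(p), ifname) for p, ifname in ROUTES]


def route_interface(addr):
    """Longest-prefix match: the interface this box would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, ifname) for net, ifname in TABLE if ip in net]
    return max(matches)[1] if matches else None


def accept(in_if, src, filtered_ifs):
    """Accept unless in_if is filtered and src is not routed back via in_if."""
    if in_if not in filtered_ifs:
        return True
    return route_interface(src) == in_if


def run(packets, filtered_ifs):
    """Return the accept/drop verdict for each (in_if, src) pair."""
    return [accept(in_if, src, filtered_ifs) for in_if, src in packets]


# Constructed sample traffic.
PACKETS = [
    ("ppp0", "192.0.2.10"),     # caller using its assigned address
    ("ppp0", "203.0.113.5"),    # caller forging an outside source
    ("ppp1", "192.0.2.10"),     # caller forging its neighbour's address
    ("eth1", "198.51.100.7"),   # legitimate traffic arriving via router B
]

if __name__ == "__main__":
    for label, ifs in [("all interfaces", {"ppp0", "ppp1", "eth0", "eth1"}),
                       ("modem ports only", {"ppp0", "ppp1"})]:
        print(label, run(PACKETS, ifs))
```

With the check on every interface the last packet is dropped even though it is legitimate; with the check limited to the modem ports both forged packets are still dropped and the uplink traffic passes.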