[4354] in North American Network Operators' Group


Re: SYN floods continue

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Fri Sep 13 12:36:44 1996

To: Jim Forster <forster@cisco.com>
cc: Vadim Antonov <avg@quake.net>, alexis@panix.com, nanog@merit.edu,
        dino@cisco.com, dkatz@cisco.com, dkerr@cisco.com, gchristy@cisco.com
In-reply-to: Your message of "Fri, 13 Sep 1996 09:17:59 PDT."
             <199609131617.JAA19559@stilton.cisco.com> 
Reply-To: perry@piermont.com
Date: Fri, 13 Sep 1996 12:34:16 -0400
From: "Perry E. Metzger" <perry@piermont.com>


Jim Forster writes:
> > Again, the rule is "don't accept packets from an interface if there's no
> > route for their source addresses pointing back to the same interface".
> > Note that that route does not have to be the best one -- just that the
> > router gets it from somewhere.
> 
> Without discussing it with the right folks here ahead of time, I suspect we
> could do this at good speed in some, but not all routers, in our product
> line.
[...]
> Now the big question: is this useful in routers carrying a default route?

I'm not entirely sure about what you mean, but I'd envision that the
best place to do this filtering would be in routers attached to
"end" customers, which frequently use default routes.

Perry
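
The rule quoted in this thread, as an added example (not part of the original message and not any vendor's implementation): a Python sketch of the check on an assumed customer-edge router that holds a default route. The class, function and interface names are hypothetical, and the prefixes are constructed from the RFC 5737 documentation ranges.

```python
import ipaddress

class ReversePathFilter:
    """Keeps every route the router has heard, not only the best one."""

    def __init__(self):
        self.routes = []  # (network, interface) pairs, in the order learned

    def add_route(self, prefix, interface):
        self.routes.append((ipaddress.ip_network(prefix), interface))

    def best_interface(self, src):
        """Interface forwarding would use: longest match, first learned wins ties."""
        addr = ipaddress.ip_address(src)
        matches = [(net.prefixlen, ifc) for net, ifc in self.routes if addr in net]
        return max(matches, key=lambda m: m[0])[1] if matches else None

    def accept(self, src, in_interface):
        """The quoted rule: some route covering src must point back out in_interface."""
        addr = ipaddress.ip_address(src)
        return any(ifc == in_interface and addr in net for net, ifc in self.routes)

def build_edge_router():
    """Constructed topology: default route upstream, three customer-facing ports."""
    rpf = ReversePathFilter()
    rpf.add_route("0.0.0.0/0", "upstream0")       # default route
    rpf.add_route("192.0.2.0/24", "cust0")        # single-homed customer
    rpf.add_route("198.51.100.0/24", "cust1")     # dual-homed customer, best path
    rpf.add_route("198.51.100.0/24", "cust2")     # same prefix, backup path
    return rpf

def classify(rpf, packets):
    """Return (src, interface, accepted) for each constructed test packet."""
    return [(src, ifc, rpf.accept(src, ifc)) for src, ifc in packets]

if __name__ == "__main__":
    sample = [
        ("192.0.2.10", "cust0"),      # customer using its own address
        ("203.0.113.5", "cust0"),     # source outside the customer's prefix
        ("198.51.100.7", "cust2"),    # arrives on the non-best path
        ("203.0.113.5", "upstream0"), # covered only by the default route
    ]
    for src, ifc, ok in classify(build_edge_router(), sample):
        print(f"{src:>14} on {ifc:<9} -> {'accept' if ok else 'drop'}")
```

Because 0.0.0.0/0 covers every source address, the interface the default route points at passes everything under this rule; the filtering takes effect on the customer-facing ports.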
