[4371] in North American Network Operators' Group
Re: SYN floods (was: does history repeat itself?)
daemon@ATHENA.MIT.EDU (Mr. Jeremy Hall)
Fri Sep 13 23:48:15 1996
From: "Mr. Jeremy Hall" <jhall@rex.isdn.net>
To: alex@relcom.EU.net
Date: Fri, 13 Sep 1996 22:46:46 -0500 (CDT)
Cc: curtis@ans.net, perry@piermont.com, nanog@merit.edu
In-Reply-To: <AErjIEoGYE@arch.relcom.ru> from "alex@relcom.EU.net" at Sep 13, 96 01:37:57 pm
-->
-->> circuit, so thats not too bad a problem there.
-->>
-->> > At the single homed connection a router option to reverse the sense of
-->> > the forwarding table on a specific interface (look up the source in
-->> > the forwarding table and only accept if the source is reachable
-->> > through that next hop) seems to be a effective preventative that could
-->> > be easily just "switched on".
-->>
-->> A very good idea.
-->If CISCO'll hear it -:)!
-->
-->
-->
-->>
-->> Perry
-->>
That sounded like a good idea until I considered asymmetric routing. You
are assuming the router always knows how to get back to its source, but
on the contrary, this router may not know how to get back to the source.
If you're routing traffic inbound to your organization one way and
outbound traffic goes another, then this option might unnecessarily block
traffic. Consider also what this would do during an unstable situation.
Traffic is already slow enough when a router is unstable because it may
not know how to get to the destination, but if you throw in the
requirement that it has to know how to get to the source as well, didn't
you just help the hacker by shutting down service for lots of people?
--
-------------------------------------------
| Jeremy Hall Network Engineer |
| ISDN-Net, Inc Office +1-615-371-1625 |
| Nashville, TN and the southeast USA |
| jhall@isdn.net Pager +1-615-702-0750 |
-------------------------------------------
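The check Perry describes (look the packet's source up in the forwarding table and accept only if the best route back to it leaves via the interface the packet arrived on) and the failure Jeremy raises (asymmetric paths and route withdrawals turn that check into a drop of legitimate traffic) can both be shown against a toy forwarding table. The following is an added illustration, not code from the thread or from any router vendor. The three-interface topology, the prefixes (all from the documentation ranges), the packet list and the "strict"/"loose" names are assumptions; the strict/loose terminology is what the source-checking feature later came to be called and does not appear in the 1996 discussion.

```python
import ipaddress

# Constructed forwarding table for a hypothetical dual-homed edge router.
# eth0: upstream A (carries the default route), eth1: upstream B,
# eth2: the site's own LAN. This topology is an assumption, not from the post.
FIB = [
    ("0.0.0.0/0", "eth0"),
    ("198.51.100.0/24", "eth1"),
    ("192.0.2.0/24", "eth2"),
]


def lookup(fib, addr):
    """Longest-prefix match on the forwarding table.

    Returns the (network, interface) entry the router would use to reach
    `addr`, or None if no entry matches."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def strict_rpf(fib, src, in_iface):
    """The 'reverse the sense of the forwarding table' check from the thread:
    accept only if the best route back to `src` points out `in_iface`."""
    entry = lookup(fib, src)
    return entry is not None and entry[1] == in_iface


def loose_rpf(fib, src, allow_default=False):
    """Weaker variant: accept if any route back to `src` exists, regardless
    of interface. Whether a default route counts is a policy choice, modelled
    here by `allow_default` (an assumption of this example)."""
    entry = lookup(fib, src)
    if entry is None:
        return False
    if entry[0].prefixlen == 0 and not allow_default:
        return False
    return True


def filter_packets(fib, packets, mode="strict"):
    """Apply the chosen check to (source, arrival interface) pairs and
    return a dict of verdicts, 'accept' or 'drop'."""
    verdicts = {}
    for src, in_iface in packets:
        if mode == "strict":
            ok = strict_rpf(fib, src, in_iface)
        else:
            ok = loose_rpf(fib, src)
        verdicts[(src, in_iface)] = "accept" if ok else "drop"
    return verdicts


# Constructed packets as (source address, arrival interface).
PACKETS = [
    ("192.0.2.5", "eth0"),      # spoofed: our own LAN prefix arriving from upstream A
    ("198.51.100.7", "eth1"),   # symmetric: B's customer arriving via B
    ("198.51.100.7", "eth0"),   # asymmetric: same host, but upstream A delivered it
    ("203.0.113.9", "eth0"),    # covered only by the default route
]


def withdrawn(fib, prefix):
    """Model a route flap: the forwarding table with `prefix` removed."""
    return [entry for entry in fib if entry[0] != prefix]


if __name__ == "__main__":
    for mode in ("strict", "loose"):
        print(mode, filter_packets(FIB, PACKETS, mode))
    # Jeremy's second point: while 198.51.100.0/24 is withdrawn, the strict
    # check falls back to the default route and drops B's traffic on eth1 too.
    print("strict during withdrawal",
          filter_packets(withdrawn(FIB, "198.51.100.0/24"), PACKETS, "strict"))
```

Running it shows the trade-off both sides of the thread are arguing: the strict check drops the spoofed 192.0.2.5 packet, which is the whole point, but it also drops the legitimate 198.51.100.7 packet that arrived over upstream A instead of B, and once the /24 is withdrawn it drops that host's traffic on eth1 as well. The loose variant survives asymmetry and flaps but accepts the spoofed packet, since 192.0.2.0/24 is in the table somewhere.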