[4386] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: SYN floods (was: does history repeat itself?)

daemon@ATHENA.MIT.EDU (Mr. Jeremy Hall)
Sat Sep 14 16:56:41 1996

From: "Mr. Jeremy Hall" <jhall@rex.isdn.net>
To: alex@relcom.eu.net
Date: Sat, 14 Sep 1996 15:52:53 -0500 (CDT)
Cc: curtis@ans.net, nanog@merit.edu, perry@piermont.com
In-Reply-To: <ACdffEoirI@arch.relcom.ru> from "alex@relcom.eu.net" at Sep 14, 96 03:43:35 pm

-->>   Traffic is already slow enough when a router is unstable because it may
-->>   not know how to get to the destination, but if you throw in the
-->>   requirement that it has to know how to get to the source as well, didn't
-->>   you just help the hacker by shutting down service for lots of people?
-->How? I can't understand how this helps the hackers.
-->
-->Through you are right in case of Universities (and it's not secret just universities
-->are the motherland of the hackers -:)).
-->--- 
In order for your idea to work, the router where you're doing the 
filtering must know how to get to all destinations on the Internet, must 
not have a default network or route, and they must be symetrical.

As far as your other statement, when an instability occurs, all traffic 
starts getting slow because the routers are trying to reroute around a 
flapping t3 or whatever caused the outage. Since the whole point around a 
denial of service attack is to deny service, by adding in the fact that 
we need to know how to get to the source address before we forward the 
packet introduces more problems. I think you would find this hurts more 
than it helps. Even if you limit this kind of lookups to when the packet 
happens to be a TCP packet with the syn option, you still have a problem 
in establishing a connection. This creates frustration on the part of the 
end user.
-- 
              -------------------------------------------
              | Jeremy Hall      Network Engineer |
              | ISDN-Net, Inc    Office +1-615-371-1625 |
              | Nashville, TN    and the southeast USA  |
              | jhall@isdn.net   Pager  +1-615-702-0750 |
              -------------------------------------------


home help back first fref pref prev next nref lref last post