[4549] in North American Network Operators' Group
Re: syn attack and source routing
daemon@ATHENA.MIT.EDU (Curtis Villamizar)
Wed Sep 18 03:22:53 1996
To: bwatson@genuity.net
cc: nanog@merit.edu
Reply-To: curtis@ans.net
In-reply-to: Your message of "Tue, 17 Sep 1996 23:36:52 PDT."
<199609180636.XAA01860@batcave.genuity.net>
Date: Wed, 18 Sep 1996 03:17:27 -0400
From: Curtis Villamizar <curtis@ans.net>
In message <199609180636.XAA01860@batcave.genuity.net>, "Brett D. Watson" write
s:
> i'm surprised there has been no discussion of turning off source
> routing on major backbones to help alleviate this problem. all of
> the focus seems to be on the edges of the networks when in fact the
> attackers are "running right up the middle". i'm not disagreeing
> that providers need to filter on the edges but the "big guys" are
> just as responsible as the "little guys".
>
> i know what a can of worms this is because source routing is quite
> useful in tracking down network and routing problems but it seems to
> me the danger it imposes today outweighs it's usefulness.
>
> -brett
If source routing is blocked at the end site it doesn't help any
toturn it off in the backbones and turning it off destroys the ability
to trace routing problems that customers report (short of finger
pointing to another provider or giving the customer the run around by
successive handoffs to other NOCs debugging, any "I can't get there
from here" is sort of hopeless if you can't traceroute -g).
Curtis
