[4670] in North American Network Operators' Group
Re: SYN flood messages flooding my mailbox
daemon@ATHENA.MIT.EDU (Vadim Antonov)
Tue Sep 24 04:07:06 1996
Date: Tue, 24 Sep 1996 01:03:25 -0700
From: Vadim Antonov <avg@quake.net>
To: curtis@ans.net, nanog@merit.edu
>Basing this on the AdjRibIn is a more work than just reversing the
>sense of the Fib but it does cover quite a few more cases. Though not
>all of them.
No, not of course; but more than enough to be practical. A _lot_ more
practical than manually (or semi-automatically) maintained access lists
which do not provide any "visible" benefit.
>The transit providers still need to be able to trace attacks after the
>fact since there is no filter that covers these cases...
Absolutely. When other things do not help :)
>and filters at
>the fringes will be spotty deplomyments.
That's why i want reverse-route verification to be _default_ behaviour
of routers. A person who knows how to use asymmetric routing would
know how to turn the feature off. A person who is clueless or simply
doesn't care will leave default as is.
--vadim
