[5076] in North American Network Operators' Group


Re: syn attack and source routing

daemon@ATHENA.MIT.EDU (Bill Fenner)
Tue Oct 8 11:52:54 1996

To: Vadim Antonov <avg@quake.net>
cc: nanog@merit.edu
In-reply-to: Your message of "Fri, 27 Sep 96 14:18:58 PDT."
             <199609272118.OAA01404@quest.quake.net> 
Date: Tue, 8 Oct 1996 08:45:01 PDT
From: Bill Fenner <fenner@parc.xerox.com>

(Apologies for resurrecting the old ICMP TRACEROUTE thread.)

In message <199609272118.OAA01404@quest.quake.net> Vadim wrote:
>Alexis Rosen <alexis@panix.com> wrote:
>>I'm very surprised that no one has mentioned what seems to me to be the
>>*really* serious drawback to this scheme.
>
>Yes, indeed a single traceroute packet with forged address can generate
>many responses.

Unless you use a scheme similar to multicast traceroute, which uses
a single packet which travels hop-by-hop and gets more information appended
to the packet at each hop.  There is a hop limit in the packet to be able
to do "expanding-length" searches like traceroute does now, or if you set
the hop limit to 255 the full path will be traced if every hop supports
traceroute and you will get one big answer packet back.

  Bill
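
An added example, not part of the original message: a small model that counts how many packets one probe sends back to its (possibly forged) source address under the per-hop reply scheme and under the single appended-answer scheme described above. The path data, the function names, and the rule that a hop without support ends the trace with no answer are assumptions made for illustration.

```python
"""Constructed model: replies caused by one trace probe under two designs."""

def make_path(flags):
    """Build a constructed path; flags[i] says whether hop i supports tracing."""
    return [{"name": f"r{i + 1}", "supports": ok} for i, ok in enumerate(flags)]

def per_hop_replies(path):
    """Scheme in the quoted text: every supporting hop the probe crosses sends
    its own response to the source address carried in the probe."""
    return sum(1 for hop in path if hop["supports"])

def appended_trace(path, hop_limit=255):
    """Scheme in the reply: one packet travels hop-by-hop, each hop appends a
    record, and one answer comes back when the hop limit or path end is reached.
    Assumption: a hop without support cannot continue the trace, so no answer."""
    records = []
    for hop in path:
        if len(records) == hop_limit:
            break                      # hop limit reached: answer with what we have
        if not hop["supports"]:
            return None                # trace dies here, nothing is sent back
        records.append(hop["name"])
    return records

def expanding_search(path, max_limit=255):
    """Raise the hop limit step by step, as traceroute does now.
    Returns (longest answer seen, number of answer packets received)."""
    best, answers = [], 0
    for limit in range(1, max_limit + 1):
        got = appended_trace(path, limit)
        if got is None:
            break                      # ran into a hop without support
        answers += 1
        best = got
        if len(got) < limit:
            break                      # path ended before the limit was used up
    return best, answers

if __name__ == "__main__":
    full = make_path([True] * 5)
    partial = make_path([True, True, True, False, True])
    print("per-hop replies to the source:", per_hop_replies(full))
    print("appended scheme, limit 255:   ", appended_trace(full))
    print("partial path, limit 255:      ", appended_trace(partial))
    print("partial path, expanding:      ", expanding_search(partial))
```

In this model the per-hop scheme returns one packet per supporting router for each probe, while the appended scheme returns at most one packet per probe regardless of path length.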
