[54865] in North American Network Operators' Group
Re: FW: Re: Is there a line of defense against Distributed Reflective
daemon@ATHENA.MIT.EDU (Avleen Vig)
Sun Jan 19 09:20:09 2003
Date: Sun, 19 Jan 2003 05:52:58 -0800 (PST)
From: Avleen Vig <lists-nanog@silverwraith.com>
To: "Christopher L. Morrow" <chris@UU.NET>
Cc: Avleen Vig <lists-nanog@silverwraith.com>,
Daniel Senie <dts@senie.com>,
"nanog@trapdoor.merit.edu" <nanog@trapdoor.merit.edu>
In-Reply-To: <Pine.GSO.4.33.0301190607340.19744-100000@rampart.argfrp.us.uu.net>
Errors-To: owner-nanog-outgoing@merit.edu

On Sun, 19 Jan 2003, Christopher L. Morrow wrote:
> > you could partly get around this by blocking all 'SYN' packets going to
> > your customers :-)
>
> and we are hoping none are hosting webservers or mail servers or....
> right? Oh wait! I'll just make them use my datacenters, right?? or were
> you not talking about the attacks?

I was referring specifically to end user workstations. For example home
machines on dial up or broadband connections.

A lot of broadband providers already prohibit running servers and block
certain inbound ports (e.g. 21 and 80).

*shrug* just seems like it would make more sense to block all incoming
'syn' packets.

Wouldn't that be faster than inspecting the destination port against two
separate rules?

I don't know how these operators do their blocking.
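As an added illustration of the two filtering approaches compared in this post (not code from the thread or from any operator mentioned in it), the following Python evaluates constructed inbound TCP headers against a "drop ports 21 and 80" rule and against a "drop every inbound SYN" rule; the port list, the sample segments and all function names are assumptions made for the example.

```python
import struct

# TCP control bits (low bits of the data-offset/flags word, RFC 793)
FLAG_SYN = 0x02
FLAG_ACK = 0x10

# The two per-port rules mentioned in the thread: inbound 21 (ftp) and 80 (http).
BLOCKED_PORTS = {21, 80}


def build_tcp(sport: int, dport: int, flags: int) -> bytes:
    """Construct a minimal 20-byte TCP header (sample data, not a real capture)."""
    data_offset = 5 << 12  # 5 words = 20 bytes, no options
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, data_offset | flags, 65535, 0, 0)


def parse_tcp(segment: bytes) -> dict:
    """Parse the fixed part of a TCP header into ports and control bits."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags, _win, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    return {"sport": sport, "dport": dport, "flags": off_flags & 0x01FF}


def is_connection_request(hdr: dict) -> bool:
    """SYN set and ACK clear: the first segment of a connection opened from outside."""
    return bool(hdr["flags"] & FLAG_SYN) and not (hdr["flags"] & FLAG_ACK)


def port_policy(hdr: dict) -> str:
    """Per-port blocking: drop anything addressed to a blocked destination port."""
    return "drop" if hdr["dport"] in BLOCKED_PORTS else "permit"


def syn_policy(hdr: dict) -> str:
    """Block every inbound connection request, whatever the port."""
    return "drop" if is_connection_request(hdr) else "permit"


def evaluate(segment: bytes) -> dict:
    """Return the verdict of both policies for one inbound segment."""
    hdr = parse_tcp(segment)
    return {"port_rules": port_policy(hdr), "syn_rule": syn_policy(hdr)}


# Constructed inbound segments toward a customer workstation.
SAMPLES = {
    "syn_to_80": build_tcp(40000, 80, FLAG_SYN),                  # both policies drop
    "syn_to_8080": build_tcp(40001, 8080, FLAG_SYN),              # only the SYN rule drops (unlisted port)
    "synack_from_80": build_tcp(80, 50000, FLAG_SYN | FLAG_ACK),  # reply to the customer's own request: both permit
}

if __name__ == "__main__":
    for name, seg in SAMPLES.items():
        print(name, evaluate(seg))
```

Note that a SYN-ACK reflected at the customer by a spoofed request looks identical to the third sample, so neither rule helps a customer who is the reflection target; both only stop the customer's hosts from accepting unsolicited connections.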