[54908] in North American Network Operators' Group
Re: Is there a line of defense against Distributed Reflective attacks?
daemon@ATHENA.MIT.EDU (Stewart, William C (Bill), RTLSL)
Mon Jan 20 19:00:48 2003
Date: Mon, 20 Jan 2003 19:00:01 -0500
From: "Stewart, William C (Bill), RTLSL" <billstewart@att.com>
To: <nanog@trapdoor.merit.edu>
Errors-To: owner-nanog-outgoing@merit.edu
> > > > Block all TCP 21 and 80 ?
> > > Why not just block all incoming SYN ?
> > Doesn't this stop kazaa/morpheus/gnutella/FTP/<some aim stuff like private chats>?
> Indeed it does break that. P2P clients: Mostly transfer illegal content. [...]
> Ftp/HTTP etc I believe most cable providers currently block these anyway :-)
> There's a chance it'd break things like file transfers on IM clients but
> I'm sure they'd be altered too.
The policy of some cable modem companies against running anything
resembling a server is even more clueless from a business perspective
than it is from a technical perspective, but that's a rant for another list.
I'd assumed the "block all SYN" was humor, but if we're discussing it
seriously, it's a genuinely bad idea.
A large number of applications really are servers, such as the
listener clients for IM systems (including IRC as well as commercial ones),
VOIP clients, Netmeeting and other videoconference tools, and
Games, which are one of the critical markets for selling broadband.
Some of them use UDP for everything that isn't central-server based,
either for packet-loss-tolerant apps or else for reinventing TCP the hard way,
or sometimes for NAT traversal, but many of them do or should use TCP.
Bill Stewart
Official Technical Spokesperson for ~0.00001% of Comcast cable network.
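The following is an added example, not part of the NANOG message above: a toy packet filter that models the "block all incoming SYN" policy under discussion and runs a constructed traffic sample through it, so the effect on the application classes the poster lists (an IM/P2P listener, UDP game traffic, inbound TCP VOIP signalling, ordinary outbound browsing) can be seen directly. The network prefix, addresses, ports and application labels are all constructed for illustration.

```python
"""
Toy model of the "block all inbound SYN" policy. Added example; all hosts,
ports and application labels are constructed sample data, and the split into
an "inside" subscriber network and "outside" Internet is an assumption.
"""
from dataclasses import dataclass

INSIDE_NET = "10.0.0."   # constructed: the subscriber side of the filter


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # TCP flags as letters, e.g. "S", "SA", "A"
    app: str = ""     # constructed label for the application generating it


def is_inbound(pkt: Packet) -> bool:
    """A packet is inbound if it arrives from outside and targets an inside host."""
    return pkt.dst.startswith(INSIDE_NET) and not pkt.src.startswith(INSIDE_NET)


def block_all_inbound_syn(pkt: Packet) -> str:
    """The policy quoted in the thread: drop any inbound TCP segment that has
    SYN set and ACK clear, i.e. every attempt by an outside host to open a
    connection to an inside host. SYN-ACK replies to connections the inside
    host opened, established traffic, and all UDP pass untouched."""
    if (pkt.proto == "tcp" and is_inbound(pkt)
            and "S" in pkt.flags and "A" not in pkt.flags):
        return "drop"
    return "pass"


def classify(pkts, policy) -> dict:
    """Run every packet through `policy` and report, per application label,
    whether any of its packets was dropped ("broken") or all passed ("works")."""
    verdicts = {}
    for p in pkts:
        verdicts.setdefault(p.app, set()).add(policy(p))
    return {app: ("broken" if "drop" in v else "works")
            for app, v in verdicts.items()}


# Constructed traffic sample (documentation address ranges, made-up ports).
SAMPLE = [
    # inside host browses an outside web server: outbound SYN, inbound SYN-ACK
    Packet("tcp", "10.0.0.5", 40000, "198.51.100.10", 80, "S", "web browsing"),
    Packet("tcp", "198.51.100.10", 80, "10.0.0.5", 40000, "SA", "web browsing"),
    # an outside peer connects to an IM/P2P listener on the inside host
    Packet("tcp", "203.0.113.7", 51000, "10.0.0.5", 6881, "S", "p2p/IM listener"),
    # game traffic over UDP: no SYN, so the TCP filter never sees it
    Packet("udp", "203.0.113.8", 27015, "10.0.0.5", 27015, "", "udp game"),
    # VOIP signalling arriving inbound over TCP
    Packet("tcp", "203.0.113.9", 5060, "10.0.0.5", 5060, "S", "voip tcp signalling"),
]


def impact_report() -> dict:
    """Which constructed applications survive a blanket inbound-SYN block."""
    return classify(SAMPLE, block_all_inbound_syn)


if __name__ == "__main__":
    for app, state in impact_report().items():
        print(f"{app:22s} {state}")
```

Anything that only ever initiates connections (the browsing flow) is untouched, because its inbound segments carry SYN-ACK, not bare SYN; anything that must accept a connection from outside is cut off, and UDP-based applications are simply outside the policy's scope, which is the distinction the message draws between listener-style applications and those that have moved to UDP.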