SYN floods continue

alex at relcom.EU.net alex at relcom.EU.net
Wed Sep 11 17:52:33 UTC 1996


BTW. Some time ago (when we used PC based routers and had all sources) we
discussed the same problem. One of the best solutions to prevent many kinds of
hacker's weapons is to allow customer send packets with SRC address ONLY
if this (SRC) address have routing via the same interface. This control is possible
only for one-homed customer but is effective enougph to prevent TCP spoofing,
many SYN, PING, UDP etc attacks and does allow ISP to determine the source of
any internet attack.

>   > > reasonable for how to deal with this situation, long term, except for the
>   >
>   >
>   If they modulate the phasers we just need to modulate the sheilds. :-O
But they always modulate phasers _BEFORE_ you modulate shields -:)

--- 
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)





More information about the NANOG mailing list