SYN floods (was: does history repeat itself?)

Justin W. Newton justin at erols.com
Thu Sep 12 19:24:33 UTC 1996


At 09:08 PM 9/9/96 -0400, Avi Freedman wrote:
>This is *exactly* the right thing to do; every provider which does
>not provide complicated transit (which excludes even certain regionals,
>alas) should do this at their borders if they don't do it at each customer
>connect.
>
>And everyone should at least filter on each customer 56k/t1/etc...
>I know router cycles are tight but it might *really* become
>imperative...

Am I missing something....

If I am announcing a network via BGP I am more or less agreeing to carry
traffic for it.  If I am not I am not.  Therefore, if I filter based on my
outbound BGP announcements and do not allow any packets which have a source
address not originating from a network in my BGP announcements then I
should not be causing any harm to the networks which I am providing
connectivity to.  This has the added benefit of stopping people from
defaulting into me at exchange points as I will not carry that traffic
across my backbone.  I'd love to hear the holes in this theory.

Justin Newton
Internet Architect
Erol's Internet Services
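
The egress source filter described in the message above, as an added example that is not part of the original post. It models the check in Python; the prefixes, packet sources and function names are constructed for illustration (documentation address ranges), and the last packet shows the case where a customer block is not in the provider's announcements.

```python
import ipaddress

# Constructed sample data: prefixes this provider announces via BGP.
ANNOUNCED = ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.0/25"]

# Constructed packets leaving the border: (description, source address).
PACKETS = [
    ("customer host", "198.51.100.200"),
    ("customer host", "203.0.113.10"),
    ("SYN with forged source", "192.0.2.77"),
    ("peer defaulting across the backbone", "192.0.2.200"),
    ("customer block not in the announcements", "203.0.113.130"),
]


def build_filter(announced):
    """Collapse the outbound announcements into a minimal permit list."""
    nets = (ipaddress.ip_network(p) for p in announced)
    return list(ipaddress.collapse_addresses(nets))


def egress_verdict(permit_list, src):
    """Permit a packet at the border only if its source is in an announced net."""
    addr = ipaddress.ip_address(src)
    return "permit" if any(addr in net for net in permit_list) else "deny"


def evaluate(permit_list, packets):
    """Return (description, source, verdict) for each packet."""
    return [(label, src, egress_verdict(permit_list, src)) for label, src in packets]


if __name__ == "__main__":
    permit_list = build_filter(ANNOUNCED)
    print("permit list:", ", ".join(str(n) for n in permit_list))
    for label, src, verdict in evaluate(permit_list, PACKETS):
        print(f"{verdict:6} {src:16} {label}")
```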