SYN floods (was: does history repeat itself?)

• Previous message (by thread): SYN floods (was: does history repeat itself?)
• Next message (by thread): SYN floods (was: does history repeat itself?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>   -->>   > the forwarding table and only accept if the source is reachable
>   -->>   > through that next hop) seems to be a effective preventative that could
>   -->>   > be easily just "switched on".
>   -->>
>   -->>   A very good idea.
>   -->If CISCO'll hear it -:)!
>   -->
>   -->
>   -->
>   -->>
>   -->>   Perry
>   -->>
>   That sounded like a good idea until I considered asymetric routing. You
>   are assuming the router always knows how to get back to its source, but
Did you read me and Antonov carefully? We have spoken about BORDER
interfaces with the CUSTOMERS. If -
- the default behaviour of CISCO would be _filter out packets with SRC addresses
not from the routing table for this interface_,
- it'll work on the CUSTOMER's interfaces for the single-home customers,
- I should install this behaviour on the part of my interfaces

it'll protect us against more than 90% of this attackes.

Of cource it's not possible to use this for internetwork interfaces in the
big network; it's difficult to use this for inter-network interfaces in case
of multihoming.

Now I have 2 kinds of interfaces there:

1) Strictly controled interfaces for the customers. I have to use exact list
for the network numbers I receive from this interfaces (even in case of BGP I
check not only AS-es but Networks too), and so on  - it's because I don't
trust this users.

2) Peering interfaces - when I excahneg routing with other ISP I trrust them and
am controlling AS pathes only.

Usially I have assymmetrical routing on the interfaces of 2'th type (but this
routing is usially the sighn of _something wrong in this world_). And I do
not want assymmetric routing on the interfaces of the 1'th kind.

>   Traffic is already slow enough when a router is unstable because it may
>   not know how to get to the destination, but if you throw in the
>   requirement that it has to know how to get to the source as well, didn't
>   you just help the hacker by shutting down service for lots of people?
How? I can't understand how this helps the hackers.

Through you are right in case of Universities (and it's not secret just universities
are the motherland of the hackers -:)).
--- 
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 239-10-10, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)

• Previous message (by thread): SYN floods (was: does history repeat itself?)
• Next message (by thread): SYN floods (was: does history repeat itself?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]