syn attack and source routing
Brett D. Watson
bwatson at genuity.net
Wed Sep 18 16:40:02 UTC 1996
> From: Hank Nussbacher <hank at ibm.net.il>
> Subject: Re: syn attack and source routing
>
> Return-Path: <hank at ibm.net.il>
> X-Mailer: Chameleon ARM_55, TCP/IP for Windows, NetManage Inc.
> MIME-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>
> On Wed, 18 Sep 1996 03:17:27 -0400 Curtis Villamizar wrote:
> >If source routing is blocked at the end site it doesn't help any
> >toturn it off in the backbones and turning it off destroys the ability
> >to trace routing problems that customers report (short of finger
> >pointing to another provider or giving the customer the run around by
> >successive handoffs to other NOCs debugging, any "I can't get there
> >from here" is sort of hopeless if you can't traceroute -g).
>
> Since more and more are blocking source routing and breaking traceroute -g
> then those that block it at their router should at the very least make
> a WWW traceroute available from their system so as to diagnose those
> problems you mention. Almost all those that I have in my web site
> (http://www.ibm.net.il/traceroute) are customers connected to major ISPs.
> I think the 10 majors should have on their backbones a WWW traceroute
> as above.
i should have been more specific. i don't like the idea (at all) of
breaking traceroute -g either. i guess in a more general sense i
should ask "just how dangerous *is* having backbone-wide/internet-wide
loose source routing enabled?".
-brett
More information about the NANOG
mailing list