syn attack and source routing
Curtis Villamizar
curtis at ans.net
Thu Sep 19 01:09:09 UTC 1996
In message <199609182107.OAA00889 at quest.quake.net>, Vadim Antonov writes:
> John Hawkinson <jhawk at bbnplanet.com> wrote:
>
> > i should have been more specific. i don't like the idea (at all) of
> > breaking traceroute -g either. i guess in a more general sense i
> > should ask "just how dangerous *is* having backbone-wide/internet-wide
> > loose source routing enabled?".
>
> >As Curtis explained, "not very".
>
> Want to wait until SYN attacks are augmented with LSRR-enabled
> traffic randomization to the point of making it nearly impossible
> to trace?
At the borders hosts that don't want to be attacked just shut off LSRR
at the border router or at the host itself.
Problem solved. And we still have traceroute "as is".
Curtis
More information about the NANOG
mailing list