syn attack and source routing

Jeff Young young at mci.net
Sat Sep 21 16:47:17 UTC 1996


i think that the better fix for the spoofing scare was to filter 
at the edges of your network for your own source addresses so that 
no one could send to your networks with a source address of your 
networks.  i don't believe that this will disable lsrr.  we're now 
completing the cycle and suggesting that we should also prevent folks
from sourcing packets in their networks destined to flow the
opposite direction with anything other than the real source 
addresses in their networks.

i haven't thought about it much, but i'm sure that someone here
would know, could you use lsrr to launch the predictive-seq-#-spoofing
attack?

Jeff Young
young at mci.net

> Date: Sat, 21 Sep 1996 11:41:45 -0400
> To: John Hawkinson <jhawk at bbnplanet.com>
> From: Paul Ferguson <pferguso at cisco.com>
> Subject: Re: syn attack and source routing
> Cc: nanog at merit.edu
> 
> Deja vu.
> 
> Didn't this same topic crop up a couple of years ago when the
> IP spoofing-sky-is-falling scare began? If I'm not remiss, the
> discussion drifted towards encouraging end-system networks to
> disable source-routing at the entrance to their networks if
> they were paranoid, but encourage ISPs & transit providers
> to allow it.
> 
> - paul
> 
> At 01:18 PM 9/18/96 -0400, John Hawkinson wrote:
> 
> >
> >Worst case, those folks feeling victimized can (and do!) simply shut
> >it off.
> >
> >This is a very different case from that of SYN flooding, where the
> >victims are powerless to stop it.
> >
> >Please don't take our LSRR away from us, it is very useful.
> >Campaigning to remove something just because you suspect it might be
> >bad is really not nice -- it will result in random clueless people
> >believing you when perchance they should not :-)
> >
> >--jhawk
> >
> 
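The two defensive measures discussed in this thread, edge filtering so that packets arriving from outside cannot carry one of your own source addresses and packets leaving cannot carry anyone else's (Jeff's suggestion), and refusing source-routed packets at the entrance of an end-system network while transit networks still pass them (Paul's recollection), as an added example that is not code from anyone in the thread. It assumes 192.0.2.0/24 (an RFC 5737 documentation prefix) is "our" network, builds constructed raw IPv4 headers rather than reading from a wire, and takes the traffic direction from the interface the packet arrived on; the option type numbers 131 (LSRR) and 137 (SSRR) are the values RFC 791 assigns.

```python
"""Edge anti-spoofing and source-route filter (added example, not from the thread).

Assumptions (all constructed for illustration):
  - 192.0.2.0/24 is "our" network (an RFC 5737 documentation prefix).
  - Packets are raw IPv4 headers built by build_ipv4(); no checksum is computed.
  - Direction is known from the interface: "ingress" = arriving from
    outside, "egress" = leaving toward the outside.
"""
import ipaddress
import struct

IPOPT_EOL = 0
IPOPT_NOP = 1
IPOPT_LSRR = 131   # loose source and record route (RFC 791)
IPOPT_SSRR = 137   # strict source and record route (RFC 791)

OUR_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]


def build_ipv4(src, dst, options=b"", payload=b""):
    """Build a minimal IPv4 header; options are padded to a 32-bit boundary."""
    opts = options + b"\x00" * (-len(options) % 4)
    ihl = 5 + len(opts) // 4
    total = ihl * 4 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s",
                      (4 << 4) | ihl, 0, total, 0, 0, 64, 6, 0,
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + opts + payload


def lsrr_option(hops):
    """Encode an LSRR option listing the given hop addresses (pointer starts at 4)."""
    body = b"".join(ipaddress.ip_address(h).packed for h in hops)
    return bytes([IPOPT_LSRR, 3 + len(body), 4]) + body


def parse_ipv4(pkt):
    """Return (src, dst, option_types) from a raw IPv4 header."""
    vihl = pkt[0]
    if vihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (vihl & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    src = ipaddress.ip_address(pkt[12:16])
    dst = ipaddress.ip_address(pkt[16:20])
    opts, i, types = pkt[20:ihl], 0, []
    while i < len(opts):
        t = opts[i]
        if t == IPOPT_EOL:
            break
        if t == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            raise ValueError("malformed option")
        types.append(t)
        i += opts[i + 1]
    return src, dst, types


def is_ours(addr):
    return any(addr in net for net in OUR_PREFIXES)


def edge_verdict(pkt, direction, end_system=True):
    """Apply the edge policy. Returns "permit" or a "drop:<reason>" string.

    ingress:    source must NOT be one of our addresses (nobody outside may
                speak as us).
    egress:     source MUST be one of our addresses (our hosts may not speak
                as anyone else).
    end_system: additionally refuse source-routed packets, as suggested for
                end-system networks; a transit network would pass False.
    """
    src, _dst, types = parse_ipv4(pkt)
    if direction == "ingress" and is_ours(src):
        return "drop:spoofed-internal-source"
    if direction == "egress" and not is_ours(src):
        return "drop:spoofed-external-source"
    if end_system and (IPOPT_LSRR in types or IPOPT_SSRR in types):
        return "drop:source-routed"
    return "permit"


if __name__ == "__main__":
    # Constructed sample traffic, one packet per policy branch.
    samples = [
        ("ingress", build_ipv4("192.0.2.10", "192.0.2.20")),            # outside claims our address
        ("egress", build_ipv4("198.51.100.7", "203.0.113.9")),          # inside host claims a foreign address
        ("egress", build_ipv4("192.0.2.10", "203.0.113.9")),            # legitimate outbound
        ("ingress", build_ipv4("203.0.113.9", "192.0.2.10",
                               options=lsrr_option(["198.51.100.1"]))),  # source-routed inbound
    ]
    for direction, pkt in samples:
        print(direction, edge_verdict(pkt, direction))
```

The two spoofing checks are deliberately asymmetric: the ingress rule protects your hosts from others impersonating them, the egress rule stops your hosts from impersonating others, and only when both edges of the path apply them does a forged source address have nowhere to enter the network. The source-route check is a separate knob so that the same code can model an end-system edge (drop) and a transit edge (pass).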