syn attack and source routing
Vadim Antonov
avg at quake.net
Sat Sep 21 18:55:59 UTC 1996
Paul Fergusson wrote:
>Deja vu.
Deja vu on deja vu. I remember SYN flooding discussions
four or five years ago. Then it was agreed that "who needs
that" and "the threat is not significant".
Now, does it have to be reported by CNN for something to be done?
>Didn't this same topic crop up a couple of years ago when the
>IP spoofing-sky-is-falling scare began?
Nah. The "scare" began when silly packet-filtering firewalls
were deployed which didn't disable LSRR, so somebody could
use a silly O.S. (like HP-UX) which "did the right thing" about
packets with LSRR to gain indirect access to "protected" boxes.
The potential for more interesting damage facilitated by LSRR
was never explored, to my knowledge. It's a matter of time,
though.
>If I'm not remiss, the
>discussion drifted towards encouraging end-system networks to
>disable source-routing at the entrance to their networks if
>they were paranoid, but encourage ISP's & transit providers
>to allow it.
Yawn. That will only last as long as the first ISP will be hit
with an LSRR-looping amplified flooding attack. If I'm not mistaken
that'll nicely kill ciscos (which switching path is used to handle
loose source routing?)
--vadim
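The two LSRR abuses the post refers to, a source-routed packet slipping past a packet filter that never looks at IP options, and a route list that bounces between the same routers to amplify a flood, both show up in the IPv4 option field. The following is an added illustration, not code from the post or from NANOG: a small IPv4 option parser and the check a packet filter would apply. The option type codes (131 LSRR, 137 SSRR, pointer starting at 4) are from RFC 791; the sample packets are constructed here with a zero checksum, and the "repeated hop means loop" rule is this example's own heuristic.

```python
import ipaddress
import struct

# IPv4 option type codes from RFC 791.
IPOPT_EOL = 0
IPOPT_NOP = 1
IPOPT_LSRR = 131  # copied|control|3: loose source and record route
IPOPT_SSRR = 137  # copied|control|9: strict source and record route


def parse_ipv4_options(pkt: bytes):
    """Return a list of (type, data) tuples from the option field of a raw
    IPv4 header. Raises ValueError on a malformed header or option."""
    if len(pkt) < 20:
        raise ValueError("short IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    opts = pkt[20:ihl]
    out, i = [], 0
    while i < len(opts):
        t = opts[i]
        if t == IPOPT_EOL:
            break
        if t == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        ln = opts[i + 1]
        if ln < 2 or i + ln > len(opts):
            raise ValueError("bad option length")
        out.append((t, opts[i + 2:i + ln]))
        i += ln
    return out


def source_route_hops(data: bytes):
    """Decode an LSRR/SSRR option body: one pointer byte, then 4-byte hops."""
    if not data or (len(data) - 1) % 4:
        raise ValueError("malformed source route option")
    pointer, addrs = data[0], data[1:]
    hops = [str(ipaddress.IPv4Address(addrs[j:j + 4]))
            for j in range(0, len(addrs), 4)]
    return pointer, hops


def classify(pkt: bytes):
    """Packet-filter decision: ('allow', None) or ('drop', reason).
    Any source-route option is dropped; a route that lists the same hop
    more than once is flagged separately as a looping/amplification route
    (heuristic assumed for this example)."""
    for t, data in parse_ipv4_options(pkt):
        if t in (IPOPT_LSRR, IPOPT_SSRR):
            name = "LSRR" if t == IPOPT_LSRR else "SSRR"
            _, hops = source_route_hops(data)
            if len(hops) != len(set(hops)):
                return "drop", f"{name} with repeated hop (looping route)"
            return "drop", f"{name} option present"
    return "allow", None


# --- constructed sample packets (not captured traffic) -----------------

def lsrr_option(hops):
    """Build an LSRR option: type, length, pointer=4, then the hop list."""
    body = b"".join(ipaddress.IPv4Address(h).packed for h in hops)
    return bytes([IPOPT_LSRR, 3 + len(body), 4]) + body


def build_ipv4(src, dst, options=b"", payload=b""):
    """Minimal IPv4 header with options padded to a 32-bit boundary.
    Header checksum is left as zero; this is a constructed sample."""
    while len(options) % 4:
        options += bytes([IPOPT_EOL])
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                      ihl * 4 + len(payload), 0x1234, 0, 64, 6, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + options + payload


PLAIN_PKT = build_ipv4("192.0.2.10", "198.51.100.5")
# Attacker routes through one intermediate host to reach a "protected" box.
LSRR_PKT = build_ipv4("192.0.2.10", "198.51.100.5",
                      lsrr_option(["203.0.113.1"]))
# Route list that ping-pongs between two routers before delivery.
LOOP_PKT = build_ipv4("192.0.2.10", "198.51.100.5",
                      lsrr_option(["10.0.0.1", "10.0.0.2",
                                   "10.0.0.1", "10.0.0.2"]))

if __name__ == "__main__":
    for label, p in (("plain", PLAIN_PKT), ("lsrr", LSRR_PKT),
                     ("loop", LOOP_PKT)):
        print(label, classify(p))
```

The check belongs at the network edge, before any stateful handling: a filter that only inspects addresses and ports lets the source route through, and the end host then replies along the reversed route, which is exactly the indirect access the post describes.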