SYN flood messages flooding my mailbox

• Previous message (by thread): SYN flood messages flooding my mailbox
• Next message (by thread): SYN flood messages flooding my mailbox
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Basing this on the AdjRibIn is a more work than just reversing the
>sense of the Fib but it does cover quite a few more cases.  Though not
>all of them.

No, not of course; but more than enough to be practical.  A _lot_ more
practical than manually (or semi-automatically) maintained access lists
which do not provide any "visible" benefit.

>The transit providers still need to be able to trace attacks after the
>fact since there is no filter that covers these cases...

Absolutely.  When other things do not help :)

>and filters at
>the fringes will be spotty deplomyments.

That's why i want reverse-route verification to be _default_ behaviour
of routers.  A person who knows how to use asymmetric routing would
know how to turn the feature off.  A person who is clueless or simply
doesn't care will leave default as is.

--vadim

• Previous message (by thread): SYN flood messages flooding my mailbox
• Next message (by thread): SYN flood messages flooding my mailbox
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]