SYN flood messages flooding my mailbox
Vadim Antonov
avg at quake.net
Tue Sep 24 08:03:25 UTC 1996
>Basing this on the AdjRibIn is a more work than just reversing the
>sense of the Fib but it does cover quite a few more cases. Though not
>all of them.
No, not of course; but more than enough to be practical. A _lot_ more
practical than manually (or semi-automatically) maintained access lists
which do not provide any "visible" benefit.
>The transit providers still need to be able to trace attacks after the
>fact since there is no filter that covers these cases...
Absolutely. When other things do not help :)
>and filters at
>the fringes will be spotty deplomyments.
That's why i want reverse-route verification to be _default_ behaviour
of routers. A person who knows how to use asymmetric routing would
know how to turn the feature off. A person who is clueless or simply
doesn't care will leave default as is.
--vadim
More information about the NANOG
mailing list