SYN spoofing

Ron Buchalski rbuchals at hotmail.com
Tue Aug 3 15:33:59 UTC 1999


>From: Randy Bush <randy at psg.com>
>To: Joe Shaw <jshaw at insync.net>
>CC: John Fraizer <John.Fraizer at EnterZone.Net>,Dan Hollis 
><goemon at sasami.anime.net>, bandregg at redhat.com,nanog at merit.edu
>Subject: Re: SYN spoofing
>Date: Mon, 2 Aug 1999 17:09:55 +0200 (CEST)
>
>
> > How hard is it really to put a filter on your outbound links that says
> > drop all ip traffic heading out these links that isn't from my IP space?
>
>trivial.  only one gotcha.  if it is a backbone router, it will fall over
>dead.  beyond that, not a problem.
>
>backbone level traffic can not be packet filtered by current real routers.
>but we've had this discussion a few times already.
>
>randy
>

Which is why it's more scalable to do packet filtering at the edge, and 
leave the core to do what it does best...switch packets.

-rb

