rbuchals at hotmail.com
Tue Aug 3 15:33:59 UTC 1999
>From: Randy Bush <randy at psg.com>
>To: Joe Shaw <jshaw at insync.net>
>CC: John Fraizer <John.Fraizer at EnterZone.Net>,Dan Hollis
><goemon at sasami.anime.net>, bandregg at redhat.com,nanog at merit.edu
>Subject: Re: SYN spoofing
>Date: Mon, 2 Aug 1999 17:09:55 +0200 (CEST)
> > How hard is it really to put a filter on your outbound links that says
> > drop all ip traffic heading out these links that isn't from my IP space?
>trivial. only one gotcha. if it is a backbone router, it will fall over
>dead. beyond that, not a problem.
>backbone level traffic can not be packet filtered by current real routers.
>but we've had this discussion a few times already.
Which is why it's more scaleable to do packet filtering at the edge, and
leave the core to do what it does best...switch packets.
Get Free Email and Do More On The Web. Visit http://www.msn.com
More information about the NANOG