SYN spoofing

Randy Bush randy at
Tue Aug 3 15:45:50 UTC 1999

>> backbone level traffic can not be packet filtered by current real routers.
>> but we've had this discussion a few times already.
> Which is why it's more scaleable to do packet filtering at the edge, and 
> leave the core to do what it does best...switch packets.

yup, that is the conclusion which was reached every one of the many times
this has been discussed over the last years.  in the future, there may come
real routers (i.e. routers which can be and are usable by large isps on
large capacity circuits) which have more per-packet processing power at a
low enough level of the implementation (i.e. silicon) to allow backbones to
filter bogons.  also note that reverse-route checks don't work in meshes of
any complexity, i.e. backbones.
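
The contrast drawn in the message above, between filtering at the edge and reverse-route checks in a mesh, as an added example that is not part of the original post. It assumes the check is the strict form (accept a packet only if the best route back to its source points out the interface it arrived on); the topology, documentation prefixes and interface names are constructed for illustration.

```python
import ipaddress

class Router:
    """Minimal FIB: longest-prefix match from prefix to egress interface."""
    def __init__(self, name, routes):
        self.name = name
        self.fib = [(ipaddress.ip_network(p), ifc) for p, ifc in routes.items()]

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        matches = [(net, ifc) for net, ifc in self.fib if ip in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def strict_rpf_accepts(self, src, in_ifc):
        # Reverse-route check: the best route back to src must use in_ifc.
        return self.lookup(src) == in_ifc

# Constructed edge router: one single-homed customer, one uplink.
edge = Router("edge", {"192.0.2.0/24": "cust0", "0.0.0.0/0": "uplink0"})

# Constructed backbone router in a mesh: its best path *to* the customer
# prefix is via peerA, but the customer's traffic may arrive via peerB.
core = Router("core", {"192.0.2.0/24": "peerA",
                       "198.51.100.0/24": "peerB",
                       "0.0.0.0/0": "peerA"})

# (source address, ingress interface, is the source genuine?) - constructed.
EDGE_PACKETS = [
    ("192.0.2.10", "cust0", True),    # customer using its own address
    ("203.0.113.7", "cust0", False),  # spoofed source on the customer port
]
CORE_PACKETS = [
    ("192.0.2.10", "peerA", True),    # forward and return paths agree
    ("192.0.2.10", "peerB", True),    # genuine, but the path is asymmetric
]

def evaluate(router, packets):
    """Return (src, ifc, legit, accepted) for each packet."""
    return [(s, i, legit, router.strict_rpf_accepts(s, i)) for s, i, legit in packets]

def false_drops(results):
    """Genuine packets that the check would discard."""
    return [(s, i) for s, i, legit, ok in results if legit and not ok]

if __name__ == "__main__":
    for r, pkts in ((edge, EDGE_PACKETS), (core, CORE_PACKETS)):
        for row in evaluate(r, pkts):
            print(r.name, row)
```

At the single-homed edge the check separates genuine from spoofed sources cleanly; at the meshed router it discards a genuine packet solely because the return path differs from the arrival path.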


More information about the NANOG mailing list