Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SYN spoofing

  • From: Dan Hollis
  • Date: Wed Jul 28 17:53:29 1999

On Wed, 28 Jul 1999, Jeremy Porter wrote:
> >You can at least conclusively show who is transporting the
> >invalid-source-address-packets to the endpoint. That is, conclusively show
> >that the next-to-last-hop isnt properly filtering.
> But that doesn't really do any good.  They have valid reasons for
> not running IP verify unicast reverse path on their backbone routers
> due to asymetric routing.

Note I wasnt talking about RPF I was talking about bogons. The last
few smurf attacks I saw, bogons were a large percentage of total smurf
volume.

> Maybe we should ask Cisco for a  "no ip bogons" command.

Would be nice especially if it defaulted to on (like current 'no
directed-broadcast').

> Yes it would be good to filter.  Maybe it should even be a BCP.
> Maybe the next router requirements should require routers to filter
> bogons at wire rate.

Well for terminal servers this should certainly be a reasonable
requirement. An option to disconnect any port which is found to be
sourcing invalid addresses would be excellent. It would certainly be a
deterrent to the script kiddies if they knew each time they fired up the
smurfer, that they automatically lose their connection.

> Interprovider cooperation to track and filter the packets is the correct
> solution, however difficult it might be.

And how many years have we been screaming about this with no progress.
There seems to be zero incentive for interprovider cooperation.
We need to give them incentive. But what?

-Dan






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.