nanog mailing list archives

Re: Re[2]: SYN floods (was: does history repeat itself?)


From: "Alex.Bligh" <amb () xara net>
Date: Thu, 12 Sep 1996 20:44:10 +0100

On Thu, 12 Sep 1996, John G. Scudder wrote:

Insofar as guys who "barely know what a TCP SYN is" are unlikely to twist
the knobs, defaulting filtering to "block spoofed addresses" seems like the
best and maybe only way to get them to do it.

If we can get config instructions for all the popular NAS boxes like
Ascend, Livingston, USR etc. posted to a web page somewhere then we can get
the word out to a lot of ISPs via the 7 or 8 ISP mailing lists,
Boardwatch magazine and USENET. But for the benefit of those marginally
clueful people out there we need to have some fairly explicit
instructions.

Don't forget Linux and the various BSD stuff. Quite a few people
run modems with these as terminal servers. Certainly this
would be trivial in Linux, from experience.

It would probably be advisable to be able to disable this on a per
i/f basis as there are a few people who intentionally have locally
asymmetric routing (pile of Maxen with 2 routers for redundancy
and load-sharing for instance) but could still work
with spoofed source IP address filtering on the modem
ends.

Alex Bligh
Xara Networks
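
The per-interface arrangement discussed in this message, sketched as an added example that is not part of the original post: source-address filtering stays on for the modem-side interfaces and is switched off on the router-facing interfaces where asymmetric routing is intentional. Interface names, the `filter_enabled` knob and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Interface:
    name: str
    prefixes: tuple               # source prefixes legitimately behind this interface
    filter_enabled: bool = True   # hypothetical per-interface knob

    def accepts(self, src: str) -> bool:
        """True if a packet with source `src` arriving here may be forwarded."""
        if not self.filter_enabled:
            return True           # filtering disabled: asymmetric paths allowed
        addr = ipaddress.ip_address(src)
        return any(addr in ipaddress.ip_network(p) for p in self.prefixes)


# Constructed topology: two dial-in ports, two uplinks to redundant routers.
INTERFACES = {
    "modem0": Interface("modem0", ("192.0.2.10/32",)),
    "modem1": Interface("modem1", ("192.0.2.11/32", "198.51.100.0/28")),
    "eth0": Interface("eth0", (), filter_enabled=False),
    "eth1": Interface("eth1", (), filter_enabled=False),
}

# Constructed sample traffic: (arrival interface, claimed source address).
SAMPLE = [
    ("modem0", "192.0.2.10"),    # caller's assigned address
    ("modem0", "203.0.113.7"),   # spoofed source from a dial-in port
    ("modem1", "198.51.100.5"),  # host on a subnet routed to this caller
    ("modem1", "192.0.2.10"),    # another caller's address
    ("eth0", "203.0.113.7"),     # router side, filter off
    ("eth1", "203.0.113.7"),     # same source via the other router
]


def filter_packets(packets, interfaces=INTERFACES):
    """Return (interface, source, forwarded?) for each packet."""
    return [(ifn, src, interfaces[ifn].accepts(src)) for ifn, src in packets]


if __name__ == "__main__":
    for ifn, src, ok in filter_packets(SAMPLE):
        print(f"{ifn:7} {src:15} {'forward' if ok else 'drop'}")
```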

