nanog mailing list archives
Re: SYN floods (was: does history repeat itself?)
From: "Justin W. Newton" <justin () erols com>
Date: Fri, 13 Sep 1996 10:51:14 -0400
At 04:37 AM 9/13/96 -0400, Alexis Rosen wrote:
Alex.Bligh writes:
I think you are talking about filtering inbound packets to your router and restricting them to BGP announcements (I don't think Avi was - see below). This would be done on the destination address (checking it was within your announced route set) and thus doesn't help protect against spoofed source addresses.

No, Justin's talking about filtering _customers'_ packets at Justin's border with the customer. No BGP involved. This assumes customers that are not providers (i.e., no transit for other nets through the customer). Good enough if all providers do the right thing (or if almost all do).

What Justin meant about his BGP announcements was that a customer's packet is legal IFF Justin's announcing that packet's net by BGP (on _behalf_ of the customer, not _to_ the customer). Again, customer means a site that's not a BGP peer.
Actually what Justin was talking about is as follows... Justin will only allow packets out of his border routers /to/ peers if they are packets with a source address inside the ranges of addresses he announces via BGP.

I.e. if I announce 192.1.1.0 0.0.0.255 I would allow a packet with an address of 192.1.1.1 out of my network into "the net at large" but not if the packet's source address was 192.1.2.1.

I will allow any packet which I allow to enter my network into a customer's network. Their filtering is their problem.

Justin Newton
Internet Architect
Erol's Internet Services
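
The egress rule described in the message above, as an added example that is not part of the original post or of any router's actual configuration: a packet leaves toward peers only if its source address matches an announced "address wildcard" entry such as `192.1.1.0 0.0.0.255`. The function names and the sample packets (including the destination address) are constructed for illustration.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def parse_entry(entry):
    """Parse 'address wildcard' (e.g. '192.1.1.0 0.0.0.255').

    Bits set in the wildcard are "don't care" bits, so the bits that must
    match are the complement. Returns (base, care_mask) as integers.
    Raises ValueError on malformed input.
    """
    addr_s, wild_s = entry.split()
    addr = int(ipaddress.IPv4Address(addr_s))
    wild = int(ipaddress.IPv4Address(wild_s))
    care = ~wild & MASK32
    return addr & care, care


def source_permitted(src, announced):
    """True if src falls inside at least one announced range."""
    s = int(ipaddress.IPv4Address(src))
    return any((s & care) == base for base, care in announced)


def egress_filter(packets, announced_entries):
    """Decide permit/deny for each (src, dst) packet heading out to peers.

    Only the source address is checked; anything not matching an
    announced range is denied (implicit deny at the end of the list).
    """
    announced = [parse_entry(e) for e in announced_entries]
    return [
        (src, dst, "permit" if source_permitted(src, announced) else "deny")
        for src, dst in packets
    ]


# Announced range taken from the message; packets are constructed samples.
ANNOUNCED = ["192.1.1.0 0.0.0.255"]
PACKETS = [
    ("192.1.1.1", "198.51.100.7"),  # source inside the announced range
    ("192.1.2.1", "198.51.100.7"),  # spoofed: outside the announced range
    ("10.0.0.5", "198.51.100.7"),   # spoofed: private source address
]

if __name__ == "__main__":
    for src, dst, verdict in egress_filter(PACKETS, ANNOUNCED):
        print(f"{verdict:6} src={src} dst={dst}")
```
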