nanog mailing list archives
Re: SYN spoofing
From: Randy Bush <randy () psg com>
Date: Tue, 3 Aug 1999 08:45:50 -0700 (PDT)
backbone level traffic can not be packet filtered by current real routers. but we've had this discussion a few times already.Which is why it's more scaleable to do packet filtering at the edge, and leave the core to do what it does best...switch packets.
yup, that is the conclusion which was reached every one of the many times this has been discused over the last years. in the future, there may come real routers (i.e. routers which can be and are usable by large isps on large capacity circuits) which have more per-packet processing power at a low enough level of the implementation (i.e. silicon) to allow backbones to filter bogons. also note that reverse-route checks don't work in meshes of any complexity, i.e. backbones. randy
Current thread:
- Re: SYN spoofing Randy Bush (Aug 02)
- <Possible follow-ups>
- Re: SYN spoofing Ron Buchalski (Aug 03)
- Re: SYN spoofing Randy Bush (Aug 03)
- Re: SYN spoofing Daniel Senie (Aug 03)
- Re: SYN spoofing Randy Bush (Aug 03)
- Re: SYN spoofing Randy Bush (Aug 03)