Paul Fergusson wrote:
Deja vu.
Deja vu on deja vu. I remember SYN flooding discussions four or five years ago. Then it was agreed that "who needs that" and "the threat is not significant". Now, has it to be reported by CNN to cause something to be done?
Didn't this same topic crop up a couple of years ago when the IP spoofing-sky-is-falling scare began?
Nah. The "scare" began when silly packet-filtering firewalls were deployed which didn't do disable LSRR, so somebody could use a silly O.S. (like HP-UX) which "did the right thing" about packets with LSRR to gain indirect access to "protected" boxes. The potential to more interesting damage facilitated by LSRR was never explored, to my knowledge. It's a matter of time, though.
If I'm not remiss, the discussion drifted towards encouraging end-system networks to disable source-routing at the entrance to their networks if they were paranoid, but encourage ISP's & transit providers to allow it.
Yawn. That will only last as long as the first ISP will be hit with LSRR-looping amplified flooding attack. If i'm not mistaken that'll nicely kill ciscos (which switching path is used to handle. loose source routing?) --vadim