Re: Is there a line of defense against Distributed Reflective attacks?
Block all TCP 21 and 80 ? Why not just block all incoming SYN ? Doesn't this stop kazaa/morpheus/gnutella/FTP/<some aim stuff like private chats>? Indeed it does break that. P2P clients: Mostly transfer illegal content. [...] Ftp/HTTP etc I believe most cable providers currently block these anyway :-) There's a chance it'd break things like file transfers on IM clients but I'm sure they'd be altered too.
The policy of some cable modem companies against running anything resembling a server is even more clueless from a business perspective than it is from a technical perspective, but that's a rant for another list. I'd assumed the "block all SYN" was humor, but if we're discussing it seriously, it's a genuinely bad idea. A large number of applications really are servers, such as the listener clients for IM systems (including IRC as well as commercial ones), VOIP clients, Netmeeting and other videoconference tools, and Games, which are one of the critical markets for selling broadband. Some of them use UDP for everything that isn't central-server based, either for packet-loss-tolerant apps or else for reinventing TCP the hard way, or sometimes for NAT traversal, but many of them do or should use TCP. Bill Stewart Official Technical Spokesperson for ~0.00001% of Comcast cable network.
participants (1)
-
Stewart, William C (Bill), RTLSL