From: Hank Nussbacher <hank@ibm.net.il>
Subject: Re: syn attack and source routing
On Wed, 18 Sep 1996 03:17:27 -0400 Curtis Villamizar wrote:
If source routing is blocked at the end site it doesn't help any to turn it off in the backbones and turning it off destroys the ability to trace routing problems that customers report (short of finger pointing to another provider or giving the customer the run around by successive handoffs to other NOCs debugging, any "I can't get there from here" is sort of hopeless if you can't traceroute -g).
Since more and more are blocking source routing and breaking traceroute -g then those that block it at their router should at the very least make a WWW traceroute available from their system so as to diagnose those problems you mention. Almost all those that I have in my web site (http://www.ibm.net.il/traceroute) are customers connected to major ISPs. I think the 10 majors should have on their backbones a WWW traceroute as above.
i should have been more specific. i don't like the idea (at all) of breaking traceroute -g either. i guess in a more general sense i should ask "just how dangerous *is* having backbone-wide/internet-wide loose source routing enabled?". -brett
i should have been more specific. i don't like the idea (at all) of breaking traceroute -g either. i guess in a more general sense i should ask "just how dangerous *is* having backbone-wide/internet-wide loose source routing enabled?".
As Curtis explained, "not very". Worst case, those folks feeling victimized can (and do!) simply shut it off. This is a very different case from that of SYN flooding, where the victims are powerless to stop it. Please don't take our LSRR away from us, it is very useful. Campaigning to remove something just because you suspect it might be bad is really not nice -- it will result in random clueless people believing you when perchance they should not :-) --jhawk
participants (2): Brett D. Watson, John Hawkinson