Re: Re[2]: SYN floods (was: does history repeat itself?)
At 01:44 PM 9/12/96 -0400, Curtis Villamizar wrote:
I agree with you completely -- sort of. Only problem is there are thought to be some 3,000 dial access providers. Many of them barely know what a TCP SYN is, let alone why they need to block ones with random source addresses and how. Unless of course you are volunteering to explain it and help them. Thanks in advance. :-)
We are currently blocking any outgoing packets which have a source address which is not advertised by us. I have also crossposted Avi's and Craig's access filter list for Border routers to the inet-access mailing list which has approx 2,000 subscribers, mostly small ISP's. Maybe it'll help. Maybe not. Justin Newton Internet Architect Erol's Internet Services
On Thu, 12 Sep 1996, Justin W. Newton wrote:
We are currently blocking any outgoing packets which have a source address which is not advertised by us. I have also crossposted Avi's and Craig's access filter list for Border routers to the inet-access mailing list which has approx 2,000 subscribers, mostly small ISP's. Maybe it'll help. Maybe not.
One thing that would help is for somebody to translate that filter list to Livingston IRX format since a lot of smaller ISP's use those boxes. Someone else made a comment that many ISP's wouldn't have a clue what a SYN packet is. Actually, now a lot more of them do because I have forwarded some of the discussion from here onto a few ISP mailing lists. Michael Dillon - ISP & Internet Consulting Memra Software Inc. - Fax: +1-604-546-3049 http://www.memra.com - E-mail: michael@memra.com
participants (2)
-
Justin W. Newton
-
Michael Dillon