ietf
[Top] [All Lists]

Re: Internet SYN Flooding, spoofing attacks

2000-02-11 14:50:03
At 03:45 PM 02/11/2000 -0500, John Stracke wrote:

> Regarding the recent TCP SYN Flooding attacks, why aren't ALL ISPs
> required to put filtering on their networks that PREVENTS packets with
> invalid source addresses ever entering their infrastructure?

That wouldn't help with the current version of the problem.  An attacker
sends out a virus or worm or something; when it's running on 10^5
machines, the attacker turns them loose on the target.  Each of the source
addresses is valid; each of the packets sent is innocuous in and of
itself.

Yes, it would certainly help.

It would allow the attacks to be traced back to the zombies (in
the case of these DDoS attacks), and the perpetrators to be traced
back and identified.

- paul