At 02:40 PM 02/11/2000 -0500, Bernie Volz wrote:
>Regarding the recent TCP SYN Flooding attacks, why aren't ALL ISPs
>required to put filtering on their networks that PREVENTS packets with
>invalid source addresses ever entering their infrastructure?
Because there is no "Internet Police", that's why.
>If every
>site connected to the Internet did this, spoofing would be much more
>difficult because you couldn't do it. Sure, you could spoof an address
>from YOUR network, but that's all. And guess what, it would be much
>easier to track and thus to shut down the intrusions should they occur.
Yes, this practice is documented in RFC2267.
>Thus every edge router should have filter lists that prevent it
>forwarding traffic out to the Internet (ISP's network) any packet that
>does not have a source address that is valid from that site.
>
>I would hope that lots of ISPs already do this. But, perhaps not.
I would hope so, too, but apparently many do not.
Thus, the problem at hand.
- paul
>- Bernie Volz
> Process Software
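
The edge filtering discussed in this thread, as an added example that is not part of the original messages: a site-edge check that forwards an outbound packet only if its source address falls inside a prefix assigned to that site, and counts drops per inside port so the offending segment can be traced. The prefixes, port names, and packet records are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed example: prefixes assigned to one site (documentation ranges).
SITE_PREFIXES = [ipaddress.ip_network(p)
                 for p in ("192.0.2.0/24", "198.51.100.0/25")]

def source_is_valid(src, prefixes=SITE_PREFIXES):
    """True only if src parses and lies inside a prefix assigned to the site."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source address: never forward
    return any(addr in net for net in prefixes)

def egress_filter(packets, prefixes=SITE_PREFIXES):
    """Return (forwarded, dropped, drops_by_port) for outbound packets."""
    forwarded, dropped, drops_by_port = [], [], Counter()
    for pkt in packets:
        if source_is_valid(pkt["src"], prefixes):
            forwarded.append(pkt)
        else:
            dropped.append(pkt)
            drops_by_port[pkt["in_port"]] += 1  # which inside port sent it
    return forwarded, dropped, drops_by_port

# Constructed sample of packets arriving from inside the site, headed out.
SAMPLE = [
    {"in_port": "eth1", "src": "192.0.2.17",     "dst": "203.0.113.80"},  # valid
    {"in_port": "eth2", "src": "10.1.2.3",       "dst": "203.0.113.80"},  # private source
    {"in_port": "eth2", "src": "203.0.113.9",    "dst": "203.0.113.80"},  # foreign source
    {"in_port": "eth1", "src": "198.51.100.200", "dst": "203.0.113.80"},  # outside the /25
    # A source forged within the site's own range still passes, but any
    # complaint about it now points back to this site, as the thread notes.
    {"in_port": "eth1", "src": "192.0.2.250",    "dst": "203.0.113.80"},
]

if __name__ == "__main__":
    fwd, drop, by_port = egress_filter(SAMPLE)
    print("forwarded:", [p["src"] for p in fwd])
    print("dropped:  ", [p["src"] for p in drop])
    print("drops per inside port:", dict(by_port))
```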