Re: Internet SYN Flooding, spoofing attacks

[John Stracke]

Bernie Volz wrote:

> Regarding the recent TCP SYN Flooding attacks, why aren't ALL ISPs
> required to put filtering on their networks that PREVENTS packets with
> invalid source addresses ever entering their infrastructure?

That wouldn't help with the current version of the problem.  An attacker
sends out a virus or worm or something; when it's running on 10^5
machines, the attacker turns them loose on the target.  Each of the source
addresses is valid; each of the packets sent is innocuous in and of
itself.

--
/=================================================================\
|John Stracke    | http://www.ecal.com |My opinions are my own.   |
|Chief Scientist |================================================|
|eCal Corp.      |"Genius, Brain! But what if the dragon eats us?"|
|[EMAIL PROTECTED]|"That would alter our plans."                   |
\=================================================================/