Re: Internet SYN Flooding, spoofing attacks

[Charles E. Perkins]

Robert Elz wrote:

>                                             There's no good purpose
> in sending packets with incorrect source addresses I can think of, and
> stopping the practice is the basic intent of the filters.

Mobile IP would like to send out packets with the mobile node's
home address, while it is attached to a network in a foreign
domain.  The home address is likely to look "incorrect" from
the standpoint of such a filter.

Plus I don't think the gain is worth the pain.  I'd rather see
a technology that actually solves the problem instead of swatting
at gnats with a sledge hammer.

What if routers could preferentially keep track of things like SYN
packets and so on for a few seconds, and we had some traceback management
software and security associations with our neighbors enough to do
some automatic detection?

It might cost 2% more for the memory buffers, geez I don't know.

Regards,
Charlie P.