syn attack and source routing

In message <>, "Brett D. Watson" write

  i'm surprised there has been no discussion of turning off source
routing on major backbones to help alleviate this problem. all of
the focus seems to be on the edges of the networks when in fact the
attackers are "running right up the middle". i'm not disagreeing
that providers need to filter on the edges but the "big guys" are
just as responsible as the "little guys".

  i know what a can of worms this is because source routing is quite
useful in tracking down network and routing problems but it seems to
me the danger it imposes today outweighs it's usefulness.


If source routing is blocked at the end site it doesn't help any
toturn it off in the backbones and turning it off destroys the ability
to trace routing problems that customers report (short of finger
pointing to another provider or giving the customer the run around by
successive handoffs to other NOCs debugging, any "I can't get there
from here" is sort of hopeless if you can't traceroute -g).