syn attack and source routing

If source routing is blocked at the end site it doesn't help any
toturn it off in the backbones and turning it off destroys the ability
to trace routing problems that customers report (short of finger
pointing to another provider or giving the customer the run around by
successive handoffs to other NOCs debugging, any "I can't get there
from here" is sort of hopeless if you can't traceroute -g).

Since more and more are blocking source routing and breaking traceroute -g
then those that block it at their router should at the very least make
a WWW traceroute available from their system so as to diagnose those
problems you mention. Almost all those that I have in my web site
(IBM - United States) are customers connected to major ISPs.
I think the 10 majors should have on their backbones a WWW traceroute
as above.



In the BCP document, please explain the difference between source routing
and source spoofing as well as SYN flooding. And please cover source
address filters for both incoming and outgoing.

Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049 - E-mail: