From: Hank Nussbacher <hank@ibm.net.il>
Subject: Re: syn attack and source routingReturn-Path: <hank@ibm.net.il>
X-Mailer: Chameleon ARM_55, TCP/IP for Windows, NetManage Inc.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII>If source routing is blocked at the end site it doesn't help any
>toturn it off in the backbones and turning it off destroys the ability
>to trace routing problems that customers report (short of finger
>pointing to another provider or giving the customer the run around by
>successive handoffs to other NOCs debugging, any "I can't get there
>from here" is sort of hopeless if you can't traceroute -g).Since more and more are blocking source routing and breaking traceroute -g
then those that block it at their router should at the very least make
a WWW traceroute available from their system so as to diagnose those
problems you mention. Almost all those that I have in my web site
(IBM - United States) are customers connected to major ISPs.
I think the 10 majors should have on their backbones a WWW traceroute
as above.
i should have been more specific. i don't like the idea (at all) of
breaking traceroute -g either. i guess in a more general sense i
should ask "just how dangerous *is* having backbone-wide/internet-wide
loose source routing enabled?".
-brett