syn attack and source routing

From: Hank Nussbacher <>
Subject: Re: syn attack and source routing

Return-Path: <>
X-Mailer: Chameleon ARM_55, TCP/IP for Windows, NetManage Inc.
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

>If source routing is blocked at the end site it doesn't help any
>toturn it off in the backbones and turning it off destroys the ability
>to trace routing problems that customers report (short of finger
>pointing to another provider or giving the customer the run around by
>successive handoffs to other NOCs debugging, any "I can't get there
>from here" is sort of hopeless if you can't traceroute -g).

Since more and more are blocking source routing and breaking traceroute -g
then those that block it at their router should at the very least make
a WWW traceroute available from their system so as to diagnose those
problems you mention. Almost all those that I have in my web site
(IBM - United States) are customers connected to major ISPs.
I think the 10 majors should have on their backbones a WWW traceroute
as above.

  i should have been more specific. i don't like the idea (at all) of
breaking traceroute -g either. i guess in a more general sense i
should ask "just how dangerous *is* having backbone-wide/internet-wide
loose source routing enabled?".