Want to wait until SYN attacks are augmented with LSRR-enabled
traffic randomization to the point of making it nearly impossible
They're optioned packets, I imagine tracing them is easier and one is
able to bludgeon one's vendor into putting in better tracing
for you without them having a cow.
People knew about SYN flooding for years. Nothing happened until
s*t hit the fan. I strongly suspect that LSRR is of the same
I doubt it. As I said, anyone who's affected can cure themselves.
>Please don't take our LSRR away from us, it is very useful.
Per se, LSRR is not useful. traceroute -g is.
Lately I feel like I'm the single person on the planet who actually
uses LSRR for stuff. I do use loose source telnet on the average
of once a week...
Why not to implement something saner like traceroute servers?
You go implement your traceroute servers everywhere I need them
and THEN come back and ask me to shut it off and I'll consider it.
Or better yet, the ICMP TRACEROUTE message, which would go
hop by hop and on every hop generates a response message.
Augmented with PROXY TRACEROUTE which will cause the destination
box to send out the ICMP TRACEROUTE.
I can write RFC in my copious spare time if you think that this
makes more sense than the UDP kludge.
I'm not convinced it makes more sense. As I said to smd in response to
his similar comments, the beauty of the current traceroute is that
it's hard for idiots to turn it off. Very few other solutions have
this wonderful property.