Paul Fergusson wrote:
Deja vu on deja vu. I remember SYN flooding discussions
four or five years ago. Then it was agreed that "who needs
that" and "the threat is not significant".
Now, does it have to be reported by CNN to cause something to be done?

Didn't this same topic crop up a couple of years ago when the
IP spoofing-sky-is-falling scare began?

Nah. The "scare" began when silly packet-filtering firewalls
were deployed which didn't disable LSRR, so somebody could
use a silly O.S. (like HP-UX) which "did the right thing" about
packets with LSRR to gain indirect access to "protected" boxes.
The potential for more interesting damage facilitated by LSRR
was never explored, to my knowledge. It's a matter of time,

If I'm not remiss, the
discussion drifted towards encouraging end-system networks to
disable source-routing at the entrance to their networks if
they were paranoid, but encourage ISPs & transit providers
to allow it.

Yawn. That will only last until the first ISP is hit
with an LSRR-looping amplified flooding attack. If I'm not mistaken
that'll nicely kill Ciscos (which switching path is used to handle
loose source routing?)