SYN floods (was: does history repeat itself?)


  -->(Note that reverse filters i described do _not_ require that the route
  -->back must be best. It just have to be present in the RIB corresponding
  -->to exterior routing session over the interface in question.)
  You may not have said it, but I remember someone said the route had to be
  in the routing table. I would agree with you if it looked up the source
  in the BGP table and if it considered history or dampened paths valid. If
  your asymetry runs over multiple interfaces, then the best path might not
  be on the interface the packet is arriving on.

This behaviour is USEFULL in any case. If we can filter SRC addresses only in
accordance with routing table - we'll prevent attackes from our direct customers.
If this filtering will work in acordance with the total routing table (not best
routes only) - OR, we'll prevent attack from some small ISP there too. But
anyway this mechanism will work if it'll be available for us.

I never wrote we can prevent attack via other big ISP if they would not
support this filtering. But if Cisco'll incorporate this in _provider_
revision - I think most of ISP will use this mechanism in near future.
(it depends of extra CPU and memory it'll use certainly).