SYN? GIF at 11? Nahhh...

This is as big a reason as any for providers to start filtering their
_outgoing_ traffic so that only addresses which could have originated in
your network can pass out of your network.

And if you don't do this, very soon your provider will yank your
connection and sue *YOU* for damages if not fraud. Think about it...

The company who gets allocated 192.0.2/8 pays Sprint for access to the
net. You pay MCI for access for the net. One of your customers launches a
SYN storm and your provider identifies a certain number of packets leaving
your network with 192.0.2/8 addresses which are part of the attack. Sprint
gets a court order to see those records after the attack is tracked down
to your network. Sprint sues you and has the police lay fraud charges
against you because your network was illegally impersonating a Sprint
customers network and as a result, your packets transitted a route through
Sprint's infrastructure that neither you nor MCI were supposed to use.

Could it happen? If that's what it takes to prevent GIF at 11 then, yes it
could happen. You see there is a fundamental law of the universe that
as you approach GIF at 11 the fabric of the universe stretches and
distorts in a chaotic fractal manner such that you can never actually
reach the point where GIF at 11 occurs.

Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049 - E-mail: