Date:      Mon, 16 Sep 1996 14:54:29 -0500 (CDT)
From:      Joe Greco <jgreco@brasil.moneng.mei.com>
To:        steve@edmweb.com (Steve Reid)
Cc:        didier@omnix.fr.org, iap@vma.cc.nd.edu, linuxisp@jeffnet.org, freebsd-isp@freebsd.org, os2-isp@dental.stat.com
Subject:   Re: SYN attacks in the Washington Post
Message-ID:  <199609161954.OAA06188@brasil.moneng.mei.com>
In-Reply-To: <Pine.BSF.3.91.960913124421.191B-100000@bitbucket.edmweb.com> from "Steve Reid" at Sep 13, 96 02:30:15 pm

> 3- Set your router so that it will _not_ allow packets to be sent from
> your network with an address that doesn't match your network. For
> instance, if your network is 198.41.0.*, don't allow your router to
> send out packets unless the source address matches 198.41.0.*. This
> doesn't offer any protection to you, but it will prevent your network from
> being used to launch a SYN bombing attack. If someone does attempt it,
> they will be limited to forging addresses in your subnet (such as
> 198.41.0.253) which the victim can easily block, and you can easily
> trace. You could even go so far as to only allow addresses from valid
> hosts on your network, which will make SYN bombing from your network
> impossible. 

No, not "impossible".

In my opinion, all ISPs should do everything they can to reject bogus
addresses from originating at their site.  Anything less is incompetence.

My standard filtering firewall does numerous things, including:

Block all traffic with RFC1918 addresses as source or destination.  These
never have a valid reason for passing through a border router.

Block all inbound traffic with source addresses that are in my CIDR blocks.

Block all inbound traffic with destination addresses not in my CIDR blocks.
This is explicitly reinforcing the RFC1918 rule :-)  but that is OK.

Block all outbound traffic except traffic with a source address in
my CIDR blocks.

Block all outbound traffic except traffic with a destination address
NOT in my CIDR blocks (generally: routing errors).

You can never be too paranoid.

... JG
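
Added example, not part of the original e-mail: the five border-router rules listed above, expressed as a packet classifier in Python so the decision for each direction can be checked. The function name `border_filter`, the reason strings, and the sample packets are assumptions made for illustration; 198.41.0.0/24 is the example network from the quoted text.

```python
import ipaddress

# RFC 1918 private address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: the site's CIDR blocks. 198.41.0.0/24 is the example network
# from the quoted text; replace with your own allocations.
MY_BLOCKS = [ipaddress.ip_network("198.41.0.0/24")]


def _within(addr, nets):
    return any(addr in net for net in nets)


def border_filter(direction, src, dst, my_blocks=MY_BLOCKS):
    """Return (action, reason) for a packet crossing the border router.

    direction is "in" (Internet -> site) or "out" (site -> Internet).
    """
    if direction not in ("in", "out"):
        raise ValueError("direction must be 'in' or 'out'")
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)

    # Rule 1: RFC 1918 addresses never cross the border, either way.
    if _within(s, RFC1918) or _within(d, RFC1918):
        return ("drop", "rfc1918")

    src_mine, dst_mine = _within(s, my_blocks), _within(d, my_blocks)
    if direction == "in":
        if src_mine:       # Rule 2: outside packet claiming an inside source
            return ("drop", "inbound-local-source")
        if not dst_mine:   # Rule 3: not addressed to this site
            return ("drop", "inbound-foreign-dest")
    else:
        if not src_mine:   # Rule 4: forged or misconfigured source leaving
            return ("drop", "outbound-foreign-source")
        if dst_mine:       # Rule 5: local traffic leaking out (routing error)
            return ("drop", "outbound-local-dest")
    return ("pass", "ok")


if __name__ == "__main__":
    # Constructed sample packets (documentation and example addresses).
    samples = [("out", "198.41.0.10", "203.0.113.5"),
               ("out", "203.0.113.77", "192.0.2.1"),
               ("out", "198.41.0.253", "203.0.113.5"),
               ("in", "198.41.0.253", "198.41.0.10"),
               ("in", "10.1.2.3", "198.41.0.10")]
    for pkt in samples:
        print(pkt, "->", border_filter(*pkt))
```

The third sample, an outbound packet whose source is another address inside 198.41.0.0/24, still passes rule 4; that is the residual case the quoted text describes as forging limited to addresses in your subnet.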


