Great Circle Associates Firewalls
(September 1996)
 


Subject: Re: SYS Floods - solution-2
From: peter @ baileynm . com (Peter da Silva)
Date: Tue, 17 Sep 1996 09:50:31 -0500 (CDT)
To: paul @ mci . net (Paul Krumviede)
Cc: peter @ baileynm . com
In-reply-to: <2 . 2 . 32 . 19960917133824 . 0090e254 @ alpha1 . reston . mci . net> from "Paul Krumviede" at Sep 17, 96 09:38:24 am

> Either pre-fill the packet with enough (bogus?) recorded routes to
> fill the IP options field

That would be hard to get around, yes. Any magic tag you put in there
to say "this is REAL recorded info" can be spoofed by the attacker too.
Hmmm... I don't know enough to think of a counter to that.

> or attack something far enough away to
> cause the IP option field to be filled with correct information.

That's not a problem... it's saving the information near the attacker, and
that's the information you want.

> Besides, the backbone routers of most service providers probably
> can't do this and keep up with current traffic loads, since any
> packet rewriting is generally out of the fast path...

It would probably be possible to get that fixed if this turns into a big
enough problem.



