Andrea Brenton wrote:
> I am not clear on why this would not eliminate IP-spoofed packets
> altogether. Seems pretty straightforward to me. Prevent any packets
> coming into my network from the internet if they originate from an IP number
> that applies to my internal network. What would it miss? What am I missing?

The IP spoofing that is being used in the SYN attack is that the SYN
segments are being sent with random IP source addresses, not addresses
on your local network (unless just by chance - about the same odds as
winning the lottery).

Therefore this type of filtering (which should be implemented to stop
other types of IP spoofing attacks) will do nothing to prevent this SYN
From: Andrea Brenton <abrenton @