> > a filtering router that restricts the input to your external interface
> > (known as an input filter) by not allowing a packet through if it has a
> > source address from your internal network."
> I am not clear on why this would not eliminate IP-spoofed packets
> altogether.
Because this filter only blocks packets that have a spoofed address
from inside the network they are attacking. It does not prevent the
attacker from spoofing an external address, and that is perfectly
adequate to launch the SYN attack.
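
The filter rule discussed above, modelled as an added example that is not part of the original thread: it applies the input filter to a few constructed packets and reports which spoofed sources the rule cannot see. The internal prefix 192.0.2.0/24, the sample addresses and the function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumption: the protected internal network (documentation range, constructed).
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")


def input_filter(interface, claimed_src):
    """Input filter on the external interface.

    Returns True if the packet is let through. The only rule is the one
    quoted above: drop a packet that arrives from outside but claims a
    source address inside the internal network.
    """
    src = ipaddress.ip_address(claimed_src)
    if interface == "external" and src in INTERNAL_NET:
        return False
    return True


# Constructed sample packets: (arrival interface, claimed source, true origin).
# The true origin is known here only because the data is made up; a router
# sees the claimed source and the arrival interface, nothing else.
PACKETS = [
    ("external", "192.0.2.10", "203.0.113.7"),     # spoofed as an internal host
    ("external", "198.51.100.25", "203.0.113.7"),  # spoofed as another external host
    ("external", "203.0.113.7", "203.0.113.7"),    # honest external source
    ("internal", "192.0.2.10", "192.0.2.10"),      # honest internal source
]


def evaluate(packets):
    """Return (claimed_src, spoofed, allowed) for each packet."""
    return [
        (claimed, claimed != origin, input_filter(interface, claimed))
        for interface, claimed, origin in packets
    ]


def spoofed_but_allowed(packets):
    """Claimed sources that are spoofed yet still pass the input filter."""
    return [claimed for claimed, spoofed, allowed in evaluate(packets)
            if spoofed and allowed]


if __name__ == "__main__":
    for claimed, spoofed, allowed in evaluate(PACKETS):
        print(f"{claimed:15} spoofed={spoofed!s:5} allowed={allowed}")
    print("spoofed but allowed:", spoofed_but_allowed(PACKETS))
```

The filter decides on the claimed source and the arrival interface alone, so a spoofed address is only detectable when it contradicts the interface it arrived on.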
From: Andrea Brenton <abrenton @