Re: Internet SYN Flooding, spoofing attacks



On Mon, 14 Feb 2000, Anders Feder wrote:

> Robert Elz <kre at munnari.OZ.AU> wrote:
> >I'm not sure there is a good analogy there.    There's no good purpose
> >in sending packets with incorrect source addresses I can think of,

Crypto- and security-related, I should think. Randomising the source
address makes tracking the existence of communications between a given
source and a given destination that much harder; they know who they're
talking to based on encrypted message content, but no-one else has to.

A lot of surveillance can be based on 'if A is talking to B, then A
must be as guilty as B', and message content is irrelevant. This
helps counter that.

(This is vaguely analogous to OpenBSD using non-sequential packet IDs,
yes? Bet it's not in IPSEC.)

> It is rarely very easy to see what requirements the future will bring and
> particularly in this business you can't be sure what the technology of
> tomorrow demands.

Indeed.

L.

<L.Wood at surrey.ac.uk>PGP<http://www.ee.surrey.ac.uk/Personal/L.Wood/>




Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
