On Sun, 19 Jan 2003, Christopher L. Morrow wrote:

> > you could partly get around this by blocking all 'SYN' packets going to
> > your customers :-)
>
> and we are hoping none are hosting webservers or mail servers or....
> right? Oh wait! I'll just make them use my datacenters, right?? or were
> you not talking about the attacks?

I was referring specifically to end user workstations. For example home machines on dial up or broadband connections. A lot of broadband providers already prohibit running servers and block certain inbound ports (e.g. 21 and 80). *shrug* just seems like it would make more sense to block all incoming 'syn' packets. Wouldn't that be faster than inspecting the destination port against two separate rules? I don't know how these operators do their blocking..
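
An added illustration, not part of the original message: a stateless filter sketch that applies both approaches from the message to constructed inbound TCP headers, so the difference in what each one passes is visible. It assumes "block all incoming SYN" means dropping segments with SYN set and ACK clear, and that the port rules match on destination port only; all function names are hypothetical.

```python
import struct

SYN, ACK = 0x02, 0x10
BLOCKED_PORTS = {21, 80}  # the two inbound ports named in the message


def tcp_header(sport, dport, flags):
    """Build a minimal 20-byte TCP header (constructed sample data)."""
    offset_flags = (5 << 12) | flags  # data offset of 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, offset_flags, 65535, 0, 0)


def parse(segment):
    """Return (destination port, flag bits) from a raw TCP header."""
    _sport, dport, _seq, _ack, offset_flags = struct.unpack("!HHIIH", segment[:14])
    return dport, offset_flags & 0x3F


def port_rules(segment):
    """One rule per blocked port: drop anything addressed to port 21 or 80."""
    dport, _flags = parse(segment)
    return "drop" if dport in BLOCKED_PORTS else "pass"


def syn_rule(segment):
    """Single rule: drop connection requests (SYN set, ACK clear) on any port."""
    _dport, flags = parse(segment)
    return "drop" if flags & (SYN | ACK) == SYN else "pass"


# Constructed inbound segments, as seen on the link toward a customer machine.
INBOUND = {
    "SYN to customer port 80": tcp_header(40000, 80, SYN),
    "SYN to customer port 25": tcp_header(40001, 25, SYN),
    "SYN-ACK reply from a web server": tcp_header(80, 51000, SYN | ACK),
    "ACK on an established flow": tcp_header(80, 51000, ACK),
}


def compare():
    """Map each sample to its (port_rules, syn_rule) verdicts."""
    return {name: (port_rules(seg), syn_rule(seg)) for name, seg in INBOUND.items()}


if __name__ == "__main__":
    for name, (by_port, by_syn) in compare().items():
        print(f"{name:34} port rules: {by_port:4}  SYN rule: {by_syn}")
```

The SYN-ACK and ACK samples pass under both policies, so connections the customer opens outward keep working; only the port 25 request is treated differently.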
