
OK, so apparently you can specify a source IP when doing a SYN request or something. Besides just asking why in the world that would even be allowed, I will move past that because I want to understand how these things work, like SYN floods.

When a packet of any kind enters a WAN, the service provider knows where the IP came from when it hits the edge router/gateway. I would think. I mean without needing to read packet info. They've got the MAC of the modem or know the interface of the line etc.

So it hits their gateway, and somehow SYNs with fake IPs are allowed to continue their journey?

Why? Of all things that are possible but cause issues, this seems most needless to me. Is there no encapsulation that happens along the way to record the actual origin IP to the target address?

If not, why not? Is there some logistical issue that makes this unfeasible?

tlng05
terikan

2 Answers


As stated in RFC3013, section 4.3, this is currently a best practice for ISPs. The RFC also states that this may not be possible in some cases, where the hardware cannot take the additional load.

This remains only a best practice and can hardly be enforced for all ISPs, so some might not do it at all as it does require some extra configuration. Encapsulation to indicate the originating IP certainly doesn't happen along the way, as some customers may have multiple IPs assigned to them (companies mainly), so it is up to the customer to choose which source IP he uses.

user2313067
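As an added illustration that is not part of the question or either answer, here is a small Python model of the per-interface ingress (source address validation) filter the answer refers to: a packet is accepted only if its source address falls inside a prefix the ISP has assigned to the interface it arrived on. Interface names, prefixes and sample packets are constructed; the second customer shows the multi-prefix case the answer mentions.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed prefix table: what an ISP edge router knows about each
# customer-facing interface. A customer can legitimately hold several
# prefixes, so the filter allows any of them (assumption: the ISP keeps
# this table current when prefixes are assigned or withdrawn).
CUSTOMER_PREFIXES: Dict[str, List[str]] = {
    "cust-a": ["198.51.100.0/24"],                  # single residential link
    "cust-b": ["203.0.113.0/25", "192.0.2.0/24"],   # business customer, two prefixes
}


def build_table(table: Dict[str, List[str]]) -> Dict[str, List[ipaddress.IPv4Network]]:
    """Parse the prefix strings once so per-packet checks are cheap."""
    return {iface: [ipaddress.ip_network(p) for p in prefixes]
            for iface, prefixes in table.items()}


def ingress_check(iface: str, src_ip: str,
                  table: Dict[str, List[ipaddress.IPv4Network]]) -> Tuple[bool, str]:
    """Return (accept, reason). Accept only if src_ip lies within a prefix
    assigned to the ingress interface; no encapsulation of the origin is
    needed because the router already knows which interface the packet hit."""
    allowed = table.get(iface)
    if allowed is None:
        return False, "unknown interface"
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in allowed):
        return True, "source within assigned prefix"
    return False, "source not assigned to this interface"


def filter_packets(packets, table):
    """Apply ingress_check to (iface, src, dst) tuples; return the drops with reasons."""
    dropped = []
    for iface, src, dst in packets:
        ok, why = ingress_check(iface, src, table)
        if not ok:
            dropped.append((iface, src, dst, why))
    return dropped


# Constructed SYN packets as they would be seen at the edge router.
SAMPLE_PACKETS = [
    ("cust-a", "198.51.100.7", "192.0.2.80"),   # genuine
    ("cust-a", "203.0.113.5", "192.0.2.80"),    # source belongs to another customer: drop
    ("cust-b", "192.0.2.9", "198.51.100.1"),    # genuine, uses the customer's second prefix
    ("cust-b", "10.0.0.1", "198.51.100.1"),     # private source, never valid here: drop
]

if __name__ == "__main__":
    for entry in filter_packets(SAMPLE_PACKETS, build_table(CUSTOMER_PREFIXES)):
        print("DROP", entry)
```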

There are legitimate reasons why outgoing packets might pass through an ISP's user's edge router/modem, whose source address is not an IP that the ISP has assigned to the user's edge router/modem. For instance, this may happen if the user is bridging two networks together.

mti2935