[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nanog
Subject:    Re: NSPs and filters (fwd)
From:       Jon Lewis <jlewis () inorganic5 ! fdt ! net>
Date:       1997-07-14 16:47:17
[Download RAW message or body]

On Mon, 14 Jul 1997, Daniel Senie wrote:

> And it goes beyond that... Every PC running Windows (or any other OS,
> for that matter) has complete ability to do anything with IP. So, any
> user on a dialup line into any ISP is a possible source of attacks.

Not at 1.5mbps :).  Granted I've seen effective synflooding come from a
dialup customer.  Can you say luserdel.  I think you can. :)

> This is why I think the RAS servers need to be able to filter right at
> the point of the dialup. There, the comparison is a simple compare of a
> 32 bit integer (IP address assigned to the dialup user, compared to the
> IP address of packets received from the user). Any discrepancies should
> set off alarm bells...

It's mostly that simple, but not entirely.  Filters for dialup subnet
customers would likely need to make 2 comparisons.

------------------------------------------------------------------
 Jon Lewis <jlewis@fdt.net>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/message.
 Florida Digital Turnpike    |  
________Finger jlewis@inorganic5.fdt.net for PGP public key_______

[prev in list] [next in list] [prev in thread] [next in thread]