[10787] in North American Network Operators' Group
Re: NSPs and filters (fwd)
daemon@ATHENA.MIT.EDU (Jon Lewis)
Mon Jul 14 13:18:01 1997
Date: Mon, 14 Jul 1997 12:47:17 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: Daniel Senie <dts@proteon.com>
cc: "Sean M. Doran" <smd@clock.org>, Michael <michael@dook.org>,
ice 9 <ice9@paranoia.com>, nanog@merit.edu
In-Reply-To: <33CA53EC.FD440E01@proteon.com>

On Mon, 14 Jul 1997, Daniel Senie wrote:

> And it goes beyond that... Every PC running Windows (or any other OS,
> for that matter) has complete ability to do anything with IP. So, any
> user on a dialup line into any ISP is a possible source of attacks.

Not at 1.5mbps :). Granted I've seen effective synflooding come from a
dialup customer. Can you say luserdel. I think you can. :)

> This is why I think the RAS servers need to be able to filter right at
> the point of the dialup. There, the comparison is a simple compare of a
> 32 bit integer (IP address assigned to the dialup user, compared to the
> IP address of packets received from the user). Any discrepancies should
> set off alarm bells...

It's mostly that simple, but not entirely. Filters for dialup subnet
customers would likely need to make 2 comparisons.

------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/message.
Florida Digital Turnpike |
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
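
Added example, not part of the original message or of any RAS vendor's code: a per-port source-address check of the kind discussed above, covering the single-address caller and the dialup subnet customer. All names are hypothetical, and the reading of the "2 comparisons" as "assigned address, or inside the routed subnet" is an assumption; the addresses are constructed samples from documentation ranges.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-port state a RAS could keep for one dialup session.
 * Addresses are IPv4 in host byte order. */
struct port_filter {
    uint32_t assigned_addr;  /* address handed to the caller at login */
    uint32_t routed_net;     /* subnet routed to the caller (0 if none) */
    uint32_t routed_mask;    /* netmask of routed_net (0 if none) */
    unsigned long spoofed;   /* dropped-packet count, the "alarm bell" */
};

/* Build a host-order IPv4 address from its four octets. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | (uint32_t)d;
}

/* Return 1 if a packet received from the caller may be forwarded, 0 if dropped. */
static int source_permitted(struct port_filter *pf, uint32_t src)
{
    /* Comparison 1: plain dialup user, a single 32-bit compare. */
    if (src == pf->assigned_addr)
        return 1;
    /* Comparison 2 (assumed): source lies inside the subnet routed to this
     * caller. The mask != 0 guard matters: an unset mask would otherwise
     * make (src & 0) == 0 true for every source address. */
    if (pf->routed_mask != 0 && (src & pf->routed_mask) == pf->routed_net)
        return 1;
    pf->spoofed++;  /* discrepancy: count it so it can be logged or alerted on */
    return 0;
}

int main(void)
{
    /* Constructed sample sessions: one single-address user, one /29 customer. */
    struct port_filter host = { ip4(192, 0, 2, 10), 0, 0, 0 };
    struct port_filter lan  = { ip4(192, 0, 2, 11), ip4(198, 51, 100, 0),
                                ip4(255, 255, 255, 248), 0 };

    printf("host, own address:   %d\n", source_permitted(&host, ip4(192, 0, 2, 10)));
    printf("host, forged source: %d\n", source_permitted(&host, ip4(10, 1, 2, 3)));
    printf("lan, inside /29:     %d\n", source_permitted(&lan, ip4(198, 51, 100, 5)));
    printf("lan, outside /29:    %d\n", source_permitted(&lan, ip4(198, 51, 100, 8)));
    printf("drops: host=%lu lan=%lu\n", host.spoofed, lan.spoofed);
    return 0;
}
```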