[128103] in North American Network Operators' Group
Re: IPv4 Exhaustion...
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Sat Jul 24 16:36:21 2010
In-Reply-To: <101106.1280003312@localhost>
Date: Sat, 24 Jul 2010 16:36:08 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Valdis.Kletnieks@vt.edu
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sat, Jul 24, 2010 at 4:28 PM, <Valdis.Kletnieks@vt.edu> wrote:
> On Sat, 24 Jul 2010 15:40:58 EDT, Christopher Morrow said:
>> why wouldn't you just do the intercept before the LSN?
>
> That gets interesting too, when several tens of thousands of users may all be
> behind the same LSN.  Making sure you intercept only the right user's traffic
> gets a lot more interesting in front of the LSN.  Doing it behind the LSN means
> you can snarf up just the traffic heading to/from one NAT'ed IP, which is
> hopefully changing not all that often.  Doing it in front of the LSN means you
> need to decide whether to capture the data in real time on a per-flow basis
> (consider the fun involved in catching a SYN packet outbound - what's your time
> budget between when the miscreant's packet leaves his host and when you have to
> catch it on the outbound side of the LSN)...
Innocent until proven guilty... plus probably a large portion of the
CALEA things aren't for a 'miscreant' anyway but for other reasons.
Say, I wonder how many actual CALEA requests have been sent out
anyway? (I know one very large network has yet to get a single one,
or so the grapevine tells me.)