[12821] in North American Network Operators' Group
Re: Denial of service attacks apparently from UUNET Netblocks
daemon@ATHENA.MIT.EDU (Matthew V. J. Whalen)
Wed Oct 8 21:50:26 1997
To: "John A. Tamplin" <jat@traveller.com>
cc: "Justin W. Newton" <justin@priori.net>, nanog@merit.edu
In-reply-to: Your message of "Wed, 08 Oct 1997 19:59:56 CDT."
<Pine.A32.3.91.971008195900.27882L-100000@cyclone.traveller.com>
Date: Wed, 08 Oct 1997 21:37:51 -0400
From: "Matthew V. J. Whalen" <mwhalen@uucom.com>
I think I heard "John A. Tamplin" say:
>Why not just have the Radius server generate the filter itself based on the
>assigned IP address?
Aside from having to reconfigure the router everytime somebody logs on
or off? Other than having to have the Radius server run a script which
logs into the router and enables (assuming that you are using a Cisco)?
Ignoring the problems that Cisco's can have with changing access-lists
(especially under high load)? (the list could continue) Other than all
those reasons, it would work just fine. :)
(okay - maybe I'm Cisco bashing and flaming, but I've seen far too many
service interruptions caused by changing access-lists to ignore the issue)
-----
-matthew
