[39136] in North American Network Operators' Group
Re: Cable Modem [really responsible engineering]
daemon@ATHENA.MIT.EDU (Chris Adams)
Tue Jun 26 21:20:47 2001
Date: Tue, 26 Jun 2001 20:20:13 -0500
From: Chris Adams <cmadams@hiwaay.net>
To: nanog@merit.edu
Message-ID: <20010626202013.A23709@HiWAAY.net>
Mail-Followup-To: Chris Adams <cmadams@hiwaay.net>, nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9hb41u$l4v$1@ncc1701.cistron.net>; from miquels@cistron-office.nl on Tue, Jun 26, 2001 at 10:58:06PM +0000
Errors-To: owner-nanog-outgoing@merit.edu
Once upon a time, Miquel van Smoorenburg <miquels@cistron-office.nl> said:
> When the BRAS requests config info when the circuit goes up (using
> radius) or when it acts as a DHCP relay, it includes the VPI/VCI
> of the ATM channel in the request. That means that you can assign
> IP addresses based on the physical connection rather than the MAC
> address, and this is what we do [well, will do soon anyway ;)]
Okay, but how do you keep the end user from putting a different IP in
their computer? We use PPPoA for our "residential" DSL, but someone
that works here lives outside our service area (small local telcos are
all over this area), and just got DSL from his local telco/ISP, which
uses 1483 bridging. He has multiple computers, so he just picked
another address, pinged it to see it wasn't in use at the moment, used
it, and it worked just fine.
Also, how do you prevent the user from trying to forge someone else's
IP address or even MAC address in outgoing packets? Without protecting
against forged packets, I don't see how to provide accountability when
someone attacks.
DHCP or RADIUS (how did I know you used RADIUS :-) ) is fine for
assigning things, but how do you _enforce_ those assignments? I know
how with PPPoA, but not with a bridged network (the same thing applies
with cable modems).
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
