[51900] in North American Network Operators' Group
Re: How do you stop outgoing spam?
daemon@ATHENA.MIT.EDU (John M. Brown)
Mon Sep  9 21:46:39 2002
Date: Mon, 9 Sep 2002 18:45:12 -0700
From: "John M. Brown" <john@chagresventures.com>
To: nanog@merit.edu
Cc: Eliot Lear <lear@cisco.com>, Paul Vixie <vixie@vix.com>
In-Reply-To: <Pine.GSO.4.31.0209100326470.18528-100000@meron.openu.ac.il>; from rafi-nanog@meron.openu.ac.il on Tue, Sep 10, 2002 at 03:32:31AM +0300
Errors-To: owner-nanog-outgoing@merit.edu
Don't have to do it with Cisco IOS.
FreeBSD works quite nicely for this.   If an Internet cafe, then place
it on the upstream side of the network, or right before it.
On Tue, Sep 10, 2002 at 03:32:31AM +0300, Rafi Sadowsky wrote:
> 
> ## On 2002-09-09 17:15 -0700 Eliot Lear typed:
> 
> EL>
> EL> Paul Vixie wrote:
> EL> > per-destination host AND port egress rate shaping.  if someone tries to send
> EL> > more than 1Kbit/sec to all port 80's, or more than 1Kbit/sec to any single
> EL> > IP address, then you can safely RED their overage.  this violates the whole
> EL> > peer-to-peer model but there's no help for that in the short term.  if some
> EL> > internet cafe has a CU-SeeMe camera setup then you can find a way to let that
> EL> > traffic off-net without rate shaping.  this will be the exception.
> EL>
> EL> Please be aware that this could have unintended consequences, and should
> EL> be used in very constrained ways.  In particular, there are any number
> EL> of applications, including VPN applications that use port 80.  I would
> EL> recommend that only specified destinations get such treatment, if you
> EL> apply it at all.
> 
> Hi Eliot
> 
>  Maybe I'm missing something obvious but how do you get rate-limiting per
> TCP *flow* with Cisco IOS ?
> 
> -- 
> Regards,
> 	Rafi
> 
>
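
Added example, not part of the original thread and not any poster's code: a small Python model of the per-destination-host AND per-port egress limit quoted above, with a simplified RED-like drop applied to the overage. The class and function names, the burst size, the overdraft ceiling and the sample traffic are all assumptions made for the illustration; only the 1 Kbit/sec rate comes from the quoted post.

```python
import random

RATE_BPS = 1000         # 1 Kbit/sec, the figure given in the quoted post
BURST_BITS = 12000      # assumption: one 1500-byte packet of burst allowance
MAX_DEBT_BITS = 48000   # assumption: overdraft at which drop probability hits 1.0

class Bucket:
    """Token bucket that may go negative; the deficit drives the drop odds."""
    def __init__(self, now):
        self.tokens, self.last = BURST_BITS, now

    def refill(self, now):
        self.tokens = min(BURST_BITS, self.tokens + (now - self.last) * RATE_BPS)
        self.last = now

class EgressShaper:
    """One instance per customer port (hypothetical placement)."""
    def __init__(self, seed=0):
        self.rng = random.Random(seed)
        self.buckets = {}            # ("ip", addr) or ("port", n) -> Bucket

    def allow(self, now, dst_ip, dst_port, size_bytes):
        bits = size_bytes * 8
        hit = []
        for key in (("ip", dst_ip), ("port", dst_port)):
            b = self.buckets.setdefault(key, Bucket(now))
            b.refill(now)
            hit.append(b)
        # Overage is measured against whichever limit is further overdrawn.
        debt = max(bits - b.tokens for b in hit)
        # RED-style: drop probability rises linearly with the overdraft.
        if debt > 0 and self.rng.random() < min(1.0, debt / MAX_DEBT_BITS):
            return False
        for b in hit:
            b.tokens -= bits
        return True

def count_sent(shaper, packets):
    """packets: iterable of (time_s, dst_ip, dst_port, size_bytes)."""
    return sum(shaper.allow(*p) for p in packets)

if __name__ == "__main__":
    # Constructed traffic: a mail client vs. a bulk sender spraying many hosts.
    normal = [(t, "192.0.2.10", 25, 100) for t in range(50)]
    bulk = [(i * 0.01, f"198.51.100.{i % 250}", 25, 1500) for i in range(1000)]
    print("normal sent:", count_sent(EgressShaper(), normal), "of", len(normal))
    print("bulk sent:  ", count_sent(EgressShaper(), bulk), "of", len(bulk))
```

The bulk sender rotates through 250 destination addresses, so every per-IP bucket stays nearly full; it is the shared per-port bucket that holds it to a handful of packets.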