[65644] in North American Network Operators' Group
Re: Firewall stateful handling of ICMP packets
daemon@ATHENA.MIT.EDU (Joe Abley)
Wed Dec 3 23:50:43 2003
In-Reply-To: <Pine.WNT.4.58.0312032146000.2944@mobile>
Cc: nanog@merit.edu
From: Joe Abley <jabley@isc.org>
Date: Wed, 3 Dec 2003 23:48:29 -0500
To: Adi Linden <adil@adis.on.ca>
Errors-To: owner-nanog-outgoing@merit.edu
On 3 Dec 2003, at 22:53, Adi Linden wrote:
> One solution is to get away from unlimited bandwidth. Once there is a
> cost
> associated to having a PC source Nachi or Welchi traffic, customers
> will
> learn to be more concerned and educate themselves. The cost doesn't
> have
> to be moneytary. Progressive rate limiting could be used, where traffic
> gets pinched as the allowed traffic per time slot is consumed.
Live example of how well monetary pinching works in New Zealand --
there have been cases of people receiving $15,000 monthly phone bills
which are mainly comprised of ADSL traffic charges. So, the traffic
charges stop the rogue traffic, by sending customers bankrupt, but only
about a month or so after the fact.
Punishing high-traffic users by progressive traffic shaping sounds more
effective, although the implementation sounds potentially hairy.
Joe
