[7400] in North American Network Operators' Group
Re: Alpha test of MAE filtering capability
daemon@ATHENA.MIT.EDU (Scott Blandford)
Tue Feb 4 10:41:06 1997
From: scottb@carfax.ims.advantis.com (Scott Blandford)
To: nanog@merit.edu
Date: Tue, 4 Feb 1997 10:44:03 -0500 (EST)
In-Reply-To: <199702041413.JAA17541@all-purpose-gunk.near.net> from "John Hawkinson" at Feb 4, 97 09:13:45 am

It's not that hard to write a script that temporarily points a static route
for an unregistered address at each of the machines at a meet point. By
tracerouting to that address you can detect if someone is pointing default at
you.

The script does not have to be a very CPU-intensive operation, and if it is
run once a day, it ought to provide a fairly good clue as to whether or not
someone is abusing your network.

I would like to stay away from port filtering except as a last resort. I think
that there are far too many unforeseen problems and complications in debugging.
And, for better or worse, it would require the removal of all third-party
routing, which I would guess is pretty common at the MAEs.

Scott Blandford
IBM Global Network
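
One way to automate the daily check described in this message, as an added example that is not part of the original post: it classifies `traceroute -n` output collected while the probe address is statically routed at one peer. The addresses, sample traces, function names and verdict labels are constructed, and the reading that a hop back onto one of our own routers right after the peer means the peer points default at us is an assumption of this example.

```python
import re

# Assumption: our own border router addresses (documentation range, constructed).
OUR_ROUTERS = {"192.0.2.1"}

# Constructed `traceroute -n` output, keyed by the peer the static route pointed at.
SAMPLES = {
    "198.51.100.10": " 1  192.0.2.1  1.1 ms\n 2  198.51.100.10  2.0 ms\n"
                     " 3  192.0.2.1  2.9 ms\n 4  198.51.100.10  3.8 ms\n",
    "198.51.100.20": " 1  192.0.2.1  1.0 ms\n 2  198.51.100.20  2.1 ms !N\n",
    "198.51.100.30": " 1  192.0.2.1  1.2 ms\n 2  198.51.100.30  2.2 ms\n"
                     " 3  203.0.113.7  9.5 ms\n 4  * * *\n",
}

HOP = re.compile(r"^\s*\d+\s+(\d{1,3}(?:\.\d{1,3}){3})\b(.*)$")

def parse_hops(text):
    """Return [(address, got_unreachable)] for every hop that answered."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:  # lines such as "4  * * *" carry no address and are skipped
            hops.append((m.group(1), bool(re.search(r"![NHX]", m.group(2)))))
    return hops

def classify(peer, text, ours=OUR_ROUTERS):
    """Decide what the peer did with a packet it has no real route for."""
    hops = parse_hops(text)
    addrs = [addr for addr, _ in hops]
    if peer not in addrs:
        return "inconclusive"            # probe never reached the peer
    i = addrs.index(peer)
    if hops[i][1] or i == len(hops) - 1:
        return "no-default-seen"         # peer rejected or dropped the probe
    # The hop after the peer shows where the peer's default route leads.
    return "defaults-to-us" if addrs[i + 1] in ours else "defaults-elsewhere"

def audit(samples=SAMPLES):
    """Map each peer to its verdict."""
    return {peer: classify(peer, text) for peer, text in samples.items()}

if __name__ == "__main__":
    for peer, verdict in audit().items():
        print(f"{peer:15} {verdict}")
```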