[27629] in resnet
Re: SOHO WiFi routers and residential networking
daemon@ATHENA.MIT.EDU (Jim Warner)
Sun May 6 01:27:02 2012
Message-ID: <CAGDOHXujgBHUF4G5y0VTbrk6p6DF+Gp2HypWaDCMOqQmHqaeug@mail.gmail.com>
Date: Sat, 5 May 2012 22:24:01 -0700
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Jim Warner <warner@ucsc.edu>
To: RESNET-L@listserv.nd.edu
> Date: Sat, 5 May 2012 16:34:53 -0400
> From: Ryan Dorman <Ryan.Dorman@blackboard.com>
> Subject: Re: SOHO WiFi routers and residential networking
>
> There are certainly cases where larger subnets are required and indeed on
> my own network I have some cases of that. The underlying issue is traffic
> containment and network segmentation. Private VLANs, using controller
> based settings to inhibit P2P wireless traffic, things like that...
>
At Santa Cruz, our most common residential subnet is a /22 -- 1024
addresses. We haven't seen any problems with that since the "old times"
when desktop systems would respond to broadcast packets (i.e. ping). We
understand private VLANs, but we don't want to block the users from
communicating with each other.
If the topic is unicast flooding, the way that can happen is if the MAC
tables on the network switches are missing entries for destination
addresses. IEEE bridging rules are that packets with unknown addresses
should be flooded until the location of the destination is learned. If the
MAC table is full, learning is not possible. So the whole subnet can be
attacked by flooding it with packets with many different destination
addresses. This forces all the switches to become transparent and flood
all packets.
You can read about MAC flooding at http://en.wikipedia.org/wiki/MAC_flooding
It is probably not possible to launch this kind of unicast flood attack
through a SOHO router because the user does not have programmatic control
of the MAC address -- to change it at a high rate of speed. So this can't
be the Montana problem -- if it is really caused by the routers. I'm in
agreement that a packet trace would be useful.
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
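A small model of the bridging behaviour Jim describes (learn source addresses, forward known unicast to one port, flood unknown unicast to every other port, stop learning once the table is full), as an added illustration that is not code from this thread or from any product. The Switch and Frame classes, the four-port topology, the table size of 4, the MAC addresses and the traffic burst are all constructed for the example. It replays the same constructed traffic against a small table and a large one, so the difference between "one host's frames reach one port" and "the switch has gone transparent" is visible in the egress lists, and it ends with the check an operator would run on a capture: how many distinct source addresses each port has presented, which is the quantity a per-port address limit (port security) is built around.

```python
"""Toy learning bridge: MAC-table learning, unknown-unicast flooding, full table.

Constructed example for the ResNet-L discussion; not a switch implementation.
"""
from collections import OrderedDict, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Frame:
    src: str       # source MAC address
    dst: str       # destination MAC address
    in_port: int   # switch port the frame arrived on


class Switch:
    """Simplified IEEE 802.1D learning bridge with a bounded MAC table."""

    def __init__(self, ports: List[int], table_size: int) -> None:
        self.ports = list(ports)
        self.table_size = table_size
        self.table: "OrderedDict[str, int]" = OrderedDict()   # MAC -> port
        self.flooded = 0     # frames sent to every port but the ingress port
        self.forwarded = 0   # frames sent to exactly the learned port

    def learn(self, frame: Frame) -> None:
        """Refresh a known source; learn a new one only while there is room."""
        if frame.src in self.table:
            self.table[frame.src] = frame.in_port
            self.table.move_to_end(frame.src)
        elif len(self.table) < self.table_size:
            self.table[frame.src] = frame.in_port
        # Table full: the new source address is simply not learned.

    def forward(self, frame: Frame) -> List[int]:
        """Return the egress ports: one port if dst is known, all others if not."""
        self.learn(frame)
        out = self.table.get(frame.dst)
        if out is None:
            self.flooded += 1
            return [p for p in self.ports if p != frame.in_port]
        self.forwarded += 1
        return [] if out == frame.in_port else [out]


# Constructed addresses: A and B are established hosts, C joins late.
A, B, C = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:03"


def sample_traffic() -> List[Frame]:
    """Constructed capture: A/B exchange, a burst of ten distinct sources on
    port 3, then C (port 4) talks to A and A answers."""
    burst = [Frame(f"de:ad:be:ef:00:{i:02x}", f"de:ad:be:ef:ff:{i:02x}", 3)
             for i in range(10)]
    return [Frame(A, B, 1), Frame(B, A, 2), *burst, Frame(C, A, 4), Frame(A, C, 1)]


def replay(frames: List[Frame], table_size: int) -> Dict[str, object]:
    """Run the frames through a fresh four-port switch and summarise the result."""
    sw = Switch(ports=[1, 2, 3, 4], table_size=table_size)
    egress = [sw.forward(f) for f in frames]
    return {
        "egress": egress,
        "flooded": sw.flooded,
        "forwarded": sw.forwarded,
        "entries": len(sw.table),
        "learned": set(sw.table),
    }


def ports_exceeding_source_limit(frames: List[Frame], max_sources: int) -> Set[int]:
    """Defender's check over a capture: ports presenting more distinct source
    MACs than a per-port limit allows (the idea behind switch port security)."""
    seen: Dict[int, Set[str]] = defaultdict(set)
    for f in frames:
        seen[f.in_port].add(f.src)
    return {port for port, macs in seen.items() if len(macs) > max_sources}


if __name__ == "__main__":
    traffic = sample_traffic()
    for size in (4, 64):
        r = replay(traffic, size)
        print(f"table_size={size}: flooded={r['flooded']} forwarded={r['forwarded']}"
              f" last egress (A->C)={r['egress'][-1]} C learned={C in r['learned']}")
    print("ports over source limit:", ports_exceeding_source_limit(traffic, max_sources=2))
```

With the small table the burst on port 3 fills the last two slots, C is never learned, and A's reply to C is flooded to ports 2, 3 and 4; with the large table C is learned and the same reply goes to port 4 alone. The detection function flags port 3 from the capture itself, which is the kind of evidence a packet trace from the Montana residence hall would or would not show.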