North American Network Operators Group

Re: NSPs and filters (fwd)

  • From: Jon Lewis
  • Date: Mon Jul 14 12:57:46 1997

On Mon, 14 Jul 1997, Daniel Senie wrote:

> And it goes beyond that... Every PC running Windows (or any other OS,
> for that matter) has complete ability to do anything with IP. So, any
> user on a dialup line into any ISP is a possible source of attacks.

Not at 1.5mbps :).  Granted I've seen effective synflooding come from a
dialup customer.  Can you say luserdel.  I think you can. :)

> This is why I think the RAS servers need to be able to filter right at
> the point of the dialup. There, the comparison is a simple compare of a
> 32 bit integer (IP address assigned to the dialup user, compared to the
> IP address of packets received from the user). Any discrepancies should
> set off alarm bells...

It's mostly that simple, but not entirely.  Filters for dialup subnet
customers would likely need to make 2 comparisons.

------------------------------------------------------------------
 Jon Lewis <[email protected]>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/message.
 Florida Digital Turnpike    |  
________Finger [email protected] for PGP public key_______
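
The per-port source check discussed in this thread, as an added example that is not part of the original messages. The struct, function names and sample addresses are hypothetical, and reading the "2 comparisons" as an exact match on the assigned address plus a masked match on a subnet routed to the customer is an assumption.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical per-port state; all names here are assumptions. */
struct dial_port {
    uint32_t assigned_addr;   /* address handed to the caller, host order */
    uint32_t routed_net;      /* subnet routed to the customer, 0 if none */
    uint32_t routed_mask;     /* mask for routed_net, 0 if none */
    unsigned long mismatches; /* packets dropped for a bad source */
};
enum verdict { PKT_FORWARD, PKT_DROP_SPOOFED, PKT_DROP_MALFORMED };

/* Validate the IPv4 source address of a packet received from the caller. */
enum verdict check_source(struct dial_port *port, const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return PKT_DROP_MALFORMED;       /* too short, or not IPv4 */

    /* Source address is header bytes 12..15, network byte order. */
    uint32_t src = ((uint32_t)pkt[12] << 24) | ((uint32_t)pkt[13] << 16) |
                   ((uint32_t)pkt[14] << 8) | (uint32_t)pkt[15];

    /* Comparison 1: the single address assigned to this dialup session. */
    if (src == port->assigned_addr)
        return PKT_FORWARD;

    /* Comparison 2: a subnet routed to the customer behind the link. */
    if (port->routed_mask != 0 && (src & port->routed_mask) == port->routed_net)
        return PKT_FORWARD;

    port->mismatches++;                  /* the "alarm bells": count and drop */
    return PKT_DROP_SPOOFED;
}

/* Constructed sample port: 192.0.2.10 assigned, 198.51.100.0/28 routed. */
struct dial_port sample_port = { 0xC000020Au, 0xC6336400u, 0xFFFFFFF0u, 0 };

/* Build a minimal constructed IPv4 header with source a.b.c.d and check it. */
enum verdict verdict_for(uint8_t a, uint8_t b, uint8_t c, uint8_t d)
{
    uint8_t pkt[20] = { 0x45 };          /* version 4, IHL 5, rest zero */
    pkt[12] = a; pkt[13] = b; pkt[14] = c; pkt[15] = d;
    return check_source(&sample_port, pkt, sizeof pkt);
}

int main(void)
{
    /* 203.0.113.7 is neither the assigned address nor in the routed subnet. */
    return verdict_for(203, 0, 113, 7) == PKT_DROP_SPOOFED ? 0 : 1;
}
```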