|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Yahoo! Lessons Learned
Dan Hollis wrote: > > On Wed, 9 Feb 2000, Daniel Senie wrote: > > Dialup pools should also be protected. No sense in permitting problems > > to originate on a dialup modem or ISDN line. I know the Lucent/Ascend > > MAX product accepts an attribute Ascend-Source-IP-Check, which can be > > applied as a part of the RADIUS authentication. Have the large dialup > > wholesalers implemented this? > > When I asked a couple dialup wholesalers this question point blank last > year, the answer was no - because their routers/term servers didn't have > enough CPU to do filtering. I don't buy this. The wholesalers are allowing (requiring?) filters be added to block port 25 to all but the retail ISP's mail servers. Seems to me if the box can handle that filter, adding one for source IP is isn't significant additional load. The nice thing with the Ascend attribute is the ability to apply it generically, and without the Radius server having to know the IP address being assigned to the user. -- ----------------------------------------------------------------- Daniel Senie [email protected] Amaranth Networks Inc. http://www.amaranthnetworks.com
|