North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: DDOS attacks and Large ISPs doing NAT?

  • From: Daniska Tomas
  • Date: Thu May 02 13:55:31 2002

jon,

1000x ack


and for all: i think this MOTD is something very close to the isp nat thread :)

"There are only 10 types of people in this world: those who understand binary, and those who don't."

(Credits to Theodore Tzevelekis/Cisco)



deejay

--
 
Tomas Daniska
systems engineer
Tronet Computer Networks
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224111, fax: +421 2 58224199
 
A transistor protected by a fast-acting fuse will protect the fuse by blowing first.



> -----Original Message-----
> From: Mansey, Jon [mailto:[email protected]] 
> Sent: 2. m�ja 2002 19:31
> To: [email protected]
> Subject: RE: DDOS attacks and Large ISPs doing NAT? 
> 
> 
> 
> To merge these 2 great threads, it is the case is it not that 
> NAT is a great way to avoid DDOS problems. I don't even want 
> to imagine what the billing/credit issues would be like if 
> your always-on phone with a real IP is used as a zombie in a 
> DDOS. "Hey I didn't use all that traffic last month....etc etc"
> 
> I still maintain, since the last time this was on Nanog, that 
> real IP addresses should not be entrusted to the great unwashed.
> 
> And as for NAT breaking applications, I think its time the 
> applications wised up and worked around the NAT issues. Look, 
> if your application is important enough to you as the 
> developer, you are going to want it to penetrate and work for 
> as many ppl as possible right? Office workers, home users 
> with gateways, GPRS/GSM/3G cell users etc etc. So you make it 
> use protocols that traverse NAT without breaking. Look at the 
> streaming media players out there, they try to use, in order, 
> multicast (the most effcient and best quality), UDP,TCP then 
> HTTP. If it cant get a connection with any of the first 
> protocols, it falls back to http, and you get your stream.
> 
> When you look at the economics of usability of your app, I 
> think your going to want to make it work through firewalls.
> 
> Jm