North American Network Operators Group

Re: IPv6, IPSEC and DoS

  • From: Todd Vierling
  • Date: Mon Jan 03 17:00:55 2005

On Mon, 3 Jan 2005, Sean Donelan wrote:

> Not necessarily.  Some public networks are moving away from the ask
> everyone the question, anyone can answer model. It cuts down on the
> chatter, and the spoofing.  That doesn't mean you have to go to a static
> provisioning model, but it does mean you have to think harder about what
> you trust, what asks the questions and what answers the questions.

One example is the typical cable modem provider.  A DOCSIS modem is
provisioned with a MAC address known to the telco, and effectively creates a
virtual "port" on a huge switch^Whub with the modem's MAC as the port
identifier.

The MAC of the device behind the virtual port is then provisioned using some
sort of interface that detects and stores that MAC address as associated
with the modem.  At that point it's easy to automate the process and allow
packets from known MAC addresses through only their associated virtual
ports.

-- 
-- Todd Vierling <[email protected]> <[email protected]>
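
The binding scheme described in the message above, sketched as an added illustration that is not part of the original post. The class and function names are hypothetical (not a DOCSIS or CMTS API), the MAC addresses are constructed, and refusing to bind a MAC that is already registered behind another modem is an assumption.

```python
# Added illustration; all names are hypothetical, not a DOCSIS/CMTS API.
from dataclasses import dataclass, field

def norm(mac: str) -> str:
    """Canonicalise a MAC so 02-00-.., 0200.00.. and 02:00:.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass
class BindingTable:
    modems: dict = field(default_factory=dict)   # modem MAC -> set of CPE MACs
    owner: dict = field(default_factory=dict)    # CPE MAC -> modem MAC

    def provision_modem(self, modem: str) -> None:
        # A provisioned modem MAC is the identifier of one virtual port.
        self.modems.setdefault(norm(modem), set())

    def register_cpe(self, modem: str, cpe: str) -> bool:
        modem, cpe = norm(modem), norm(cpe)
        # Assumption: a MAC already bound behind another modem is refused.
        if modem not in self.modems or self.owner.get(cpe, modem) != modem:
            return False
        self.modems[modem].add(cpe)
        self.owner[cpe] = modem
        return True

    def permit(self, modem: str, src: str) -> str:
        """Verdict for a frame with source MAC `src` arriving via `modem`."""
        modem, src = norm(modem), norm(src)
        if modem not in self.modems:
            return "drop: unprovisioned modem"
        if src in self.modems[modem]:
            return "forward"
        if src in self.owner:
            return "drop: MAC bound to another port"
        return "drop: unknown MAC"

def demo():
    t = BindingTable()
    for m in ("00:10:aa:00:00:01", "00:10:aa:00:00:02"):   # constructed modems
        t.provision_modem(m)
    t.register_cpe("00:10:aa:00:00:01", "02-00-00-00-00-0A")
    frames = [("00:10:aa:00:00:01", "02:00:00:00:00:0a"),  # registered device
              ("00:10:aa:00:00:02", "02:00:00:00:00:0a"),  # same MAC, wrong port
              ("00:10:aa:00:00:02", "02:00:00:00:00:0b"),  # never registered
              ("00:10:aa:00:00:03", "02:00:00:00:00:0a")]  # modem not provisioned
    return [t.permit(m, s) for m, s in frames]
```

The second frame is the spoofing case: the source MAC is known, but it arrives through a virtual port it is not associated with, so it is dropped.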