Home page logo

nanog logo nanog mailing list archives

RE: Alpha test of MAE filtering capability
From: "Chris A. Icide" <chris () nap net>
Date: Fri, 31 Jan 1997 13:39:34 -0600

From:  Paul A Vixie[SMTP:paul () vix com]
But let me turn it around.  With no means of detection, why do we suspect
that it's a problem?  That is, why doesn't the cause for suspicion also work
as a means of detection?

Well, here is the way I found mine.  We keep usage information on all of our
router ports, and one day, my FDDI interface to an exchange point jumps by
10Mbps.  I haven't added any customers, and going back to examine my 
traffic patterns for customer ports, I have no cooinciding traffic increase.  
However, I do show this increase mainly passing from one Exchange point
to the other.  After isolation all traffic sources that would have created such
a jump in traffic, I come up with a big goose egg.  So, my next step was to
log some flows from the router at the exchange point, and after pouring 
through quite a few flows, I begin to see traffic from an entity that my company
has absolutely no relationship with.  This all takes quite a bit of time.  I 
would not want to judge anyone with partial data.  Meanwhile bandwidth paid
for by my customers, and engineered based upon my customer's needs is
being chewed up.  My customers are affected.  I would prefer to prevent 
such events from affecting my customers, who I think would agree with
this method.

IMHO, as long as money is involved, and as long as someone thinks that
they have a chance of getting away with something, they will try it.


- - - - - - - - - - - - - - - - -

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]