Home page logo

nanog logo nanog mailing list archives

Re: NSPs and filters (fwd)
From: Jon Lewis <jlewis () inorganic5 fdt net>
Date: Mon, 14 Jul 1997 12:47:17 -0400 (EDT)

On Mon, 14 Jul 1997, Daniel Senie wrote:

And it goes beyond that... Every PC running Windows (or any other OS,
for that matter) has complete ability to do anything with IP. So, any
user on a dialup line into any ISP is a possible source of attacks.

Not at 1.5mbps :).  Granted I've seen effective synflooding come from a
dialup customer.  Can you say luserdel.  I think you can. :)

This is why I think the RAS servers need to be able to filter right at
the point of the dialup. There, the comparison is a simple compare of a
32 bit integer (IP address assigned to the dialup user, compared to the
IP address of packets received from the user). Any discrepancies should
set off alarm bells...

It's mostly that simple, but not entirely.  Filters for dialup subnet
customers would likely need to make 2 comparisons.

 Jon Lewis <jlewis () fdt net>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/message.
 Florida Digital Turnpike    |  
________Finger jlewis () inorganic5 fdt net for PGP public key_______

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]