Re: [nsp] Re: TTL issues [NO - NOTHING TO DO WITH DOS ATTACKS]

From: Avi Freedman (freedman@netaxs.com)
Date: Sun Mar 29 1998 - 09:52:59 EST


Yep, just looking at the docs for CC in the other window...

Yum.

Avi

> Avi,
>
> > Why not use static MAC mappings and turn off arp?
>
> That would work, but is a hassle when they change their ethernet
> cards. An improvement would be to turn off ARP for specific IP
> ranges, and leave the law-abiding customers alone (how?). The real solution
> appears to be to change the product slightly and run CAR rate-limit from the
> CC train. Then I don't care what they put behind it.
>
> Alex Bligh
> GX Networks (formerly Xara Networks)
>
> >
> > Avi
> >
> > > I shall learn in future never to post to two lists with similar
> > > readerships on different issues simultaneously. Following my
> > > post on NANOG I've now been told by no less than 8 people that
> > > my cisco-nsp question is not the right way to go about solving
> > > DOS attacks. I agree completely. That wasn't what I was trying to
> > > do. FWIW here's what I want to do:
> > >
> > > > > We've run out of space in our colocation areas and people
> > > > > are thus buying our ethernet colocation service and finding their
> > > > > own space in the building. They can get (say) a Class C for
> > > > > virtual hosts. I want to stop them plugging in a gated box
> > > > > and running an entire network behind it. IE what I want to
> > > > > make sure is that it only goes to addresses whose MAC addresses
> > > > > are immediately visible. This seemed like a nice way to do it.
> > > > > Yes, one joker has tried it.
> > >
> > > --
> > > Alex Bligh
> > > GX Networks (formerly Xara Networks)
> >
>
>


