Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Alpha test of MAE filtering capability

  • From: ALAN DORN HETZEL JR
  • Date: Tue Feb 04 12:22:33 1997

I don't think filters are a problem for third party routing as long
as the third party routing is not done in secret.  If I am sending
you third party routes for someone, and you know it because I tell
you I am and you agree to let me, then you can open your filters to
the source port for those routes.  Third party routes that are 
being done without the knowledge of the traffic target are a bad
thing and shouldn't be done anyway...

	-Dorn

>It's not that hard to write a script that temporarily points a static route
>for an unregistered address at each of the machines at a meet point.  By
>tracerouting to that address you can detect if someone is pointing default at
>you.  
>
>The script does not have to be a very CPU intensive operation, and if it is
>run once a day, it ought to provide a fairly good clue as to whether or not
>someone is abusing your network.
>
>I would like to stay away from port filtering except as a last resort.  I think
>that there are far too many unforeseen problems and complications in debugging.
>And for better or worse it would require the removal of all third party 
>routing which I would guess is pretty common at the Mae's.
>
>Scott Blandford
>IBM Global Network
- - - - - - - - - - - - - - - - -




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.