North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Alpha test of MAE filtering capability
- From: ALAN DORN HETZEL JR
- Date: Tue Feb 04 12:22:33 1997
I don't think filters are a problem for third party routing as long
as the third party routing is not done in secret. If I am sending
you third party routes for someone, and you know it because I tell
you I am and you agree to let me, then you can open your filters to
the source port for those routes. Third party routes that are
being done without the knowledge of the traffic target are a bad
thing and shouldn't be done anyway...
>It's not that hard to write a script that temporarily points a static route
>for an unregistered address at each of the machines at a meet point. By
>tracerouting to that address you can detect if someone is pointing default at
>The script does not have to be a very CPU intensive operation, and if it is
>run once a day, it ought to provide a fairly good clue as to whether or not
>someone is abusing your network.
>I would like to stay away from port filtering except as a last resort. I think
>that there are far too many unforeseen problems and complications in debugging.
>And for better or worse it would require the removal of all third party
>routing which I would guess is pretty common at the Mae's.
>IBM Global Network
- - - - - - - - - - - - - - - - -