Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Denial of service attacks apparently from UUNET Netblocks

  • From: John A. Tamplin
  • Date: Wed Oct 08 22:15:38 1997

On Wed, 8 Oct 1997, Matthew V. J. Whalen wrote:

> I think I heard "John A. Tamplin" say:
> >Why not just have the Radius server generate the filter itself based on the
> >assigned IP address?
> 
> Aside from having to reconfigure the router everytime somebody logs on
> or off? Other than having to have the Radius server run a script which
> logs into the router and enables (assuming that you are using a Cisco)?
> Ignoring the problems that Cisco's can have with changing access-lists
> (especially under high load)? (the list could continue)  Other than all
> those reasons, it would work just fine. :)
> 
> (okay - maybe I'm Cisco bashing and flaming, but I've seen far too many
> service interruptions caused by changing access-lists to ignore the issue)

Well, the original topic was about Ascend, and that is what we run here.  As
part of the Radius response to the NAS, you can include arbitrary filters to
apply to that specific connection.  Now, you do pay for that in terms of
performance, but the Radius server can supply a specific filter for every
connection.  Of course, none of the stock Radius servers support that but I
am sure everyone has local hacks anyway.  For example, all of our 
authentication information (and usage logs) are maintained in an Informix
database.

John Tamplin					Traveller Information Services
jat@Traveller.COM				2104 West Ferry Way
205/883-4233x7007				Huntsville, AL 35801





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.