North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Advisory - tunneling of IP at exchange points.
- From: Jeff Swinton
- Date: Tue Nov 25 12:01:17 1997
Maybe I'm missing something, but couldn't you block this with routing
as well? The attack seems to be based on the fact that your NAP routers have
routes to other NAP LANs.
Let's say you connect to just MAE-E and MAE-W. At MAE-E, add a route
for the MAE-W network to null0. Do the opposite at MAE-W. While this may
not
work for everyone, is should work for the majority. It may also be more
pleasant then adding filters to a high speed interface.
Jeff Swinton
At 03:53 PM 11/25/97 +0000, Neil J. McRae wrote:
>On Tue, 25 Nov 1997 14:47:22 +0000 (GMT)
> Paul Thornton <prt@linx.net> wrote:
>
>>
>> The LINX and several of its members have recently had to take action
>> against an ISP that was using GRE tunneling between exchange points
>> to appropriate the capacity of other ISPs.
>>
>
>Hmm unfortuntely for us GRF owners it seems that filterd cannot deal
>with filter this. Joy! I wonder how many months for a fix!?
>
>Neil.
>--
>Neil J. McRae. Alive and Kicking. Domino: In the glow of the night.
>neil@DOMINO.ORG NetBSD/sparc: 100% SpF (Solaris protection Factor)
> Free the daemon in your <A HREF="http://www.NetBSD.ORG/";>computer!</A>
>
>
>
|
