RE: DDOS attacks and Large ISPs doing NAT?

["Daniska Tomas" <tomas () tronet com>]

jon,

1000x ack


and for all: i think this MOTD is something very close to the isp nat thread :)

"There are only 10 types of people in this world: those who understand binary, and those who don't."

(Credits to Theodore Tzevelekis/Cisco)



deejay

--
 
Tomas Daniska
systems engineer
Tronet Computer Networks
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224111, fax: +421 2 58224199
 
A transistor protected by a fast-acting fuse will protect the fuse by blowing first.



> -----Original Message-----
> From: Mansey, Jon [mailto:Jon_Mansey () verestar com] 
> Sent: 2. mája 2002 19:31
> To: nanog () merit edu
> Subject: RE: DDOS attacks and Large ISPs doing NAT? 
>
>
>
> To merge these 2 great threads, it is the case is it not that 
> NAT is a great way to avoid DDOS problems. I don't even want 
> to imagine what the billing/credit issues would be like if 
> your always-on phone with a real IP is used as a zombie in a 
> DDOS. "Hey I didn't use all that traffic last month....etc etc"
>
> I still maintain, since the last time this was on Nanog, that 
> real IP addresses should not be entrusted to the great unwashed.
>
> And as for NAT breaking applications, I think its time the 
> applications wised up and worked around the NAT issues. Look, 
> if your application is important enough to you as the 
> developer, you are going to want it to penetrate and work for 
> as many ppl as possible right? Office workers, home users 
> with gateways, GPRS/GSM/3G cell users etc etc. So you make it 
> use protocols that traverse NAT without breaking. Look at the 
> streaming media players out there, they try to use, in order, 
> multicast (the most effcient and best quality), UDP,TCP then 
> HTTP. If it cant get a connection with any of the first 
> protocols, it falls back to http, and you get your stream.
>
> When you look at the economics of usability of your app, I 
> think your going to want to make it work through firewalls.
>
> Jm