nanog mailing list archives
Re: IPv4 Exhaustion...
From: Valdis.Kletnieks () vt edu
Date: Sat, 24 Jul 2010 16:28:32 -0400
On Sat, 24 Jul 2010 15:40:58 EDT, Christopher Morrow said:
why wouldn't you just do the intercept before the LSN?
That gets interesting too, when several tens of thousands of users may all be behind the same LSN. Making sure you intercept only the right user's traffic gets a lot more interesting in front of the LSN. Doing it behind the LSN means you can snarf up just the traffic heading to/from one NAT'ed IP, which is hopefully changing not all that often. Doing it in front of the LSN means you need to decide whether to capture the data in real time on a per-flow basis (consider the fun involved in catching a SYN packet outbound - what's your time budget between when the miscreant's packet leaves his host and when you have to catch it on the outbound side of the LSN)...
Attachment:
_bin
Description:
Current thread:
- Re: IPv4 Exhaustion..., (continued)
- Re: IPv4 Exhaustion... Ricky Beam (Jul 26)
- Re: IPv4 Exhaustion... Michael Thomas (Jul 26)
- Re: IPv4 Exhaustion... Ricky Beam (Jul 26)
- Re: IPv4 Exhaustion... nick hatch (Jul 23)
- Re: IPv4 Exhaustion... Barry Shein (Jul 24)
- Re: IPv4 Exhaustion... khatfield (Jul 23)
- Re: IPv4 Exhaustion... Steven Bellovin (Jul 23)
- Re: IPv4 Exhaustion... Ricky Beam (Jul 23)
- Re: IPv4 Exhaustion... Leo Vegoda (Jul 23)
- Re: IPv4 Exhaustion... Owen DeLong (Jul 24)
- Re: IPv4 Exhaustion... Christopher Morrow (Jul 24)
- Re: IPv4 Exhaustion... Valdis . Kletnieks (Jul 24)
- Re: IPv4 Exhaustion... Christopher Morrow (Jul 24)
- Re: IPv4 Exhaustion... Ricky Beam (Jul 26)
- RE: IPv4 Exhaustion... Deepak Jain (Jul 26)
- Re: IPv4 Exhaustion... Ricky Beam (Jul 26)
- Re: IPv4 Exhaustion... Steven Bellovin (Jul 23)
- Re: IPv4 Exhaustion... Ricky Beam (Jul 26)
- RE: IPv4 Exhaustion... Deepak Jain (Jul 26)
- Re: IPv4 Exhaustion... Rubens Kuhl (Jul 26)