nanog mailing list archives

Re: Alpha test of MAE filtering capability


From: ALAN DORN HETZEL JR <dorn () atlanta net>
Date: Tue, 04 Feb 1997 13:16:39 EST

I don't think filters are a problem for third party routing as long
as the third party routing is not done in secret.  If I am sending
you third party routes for someone, and you know it because I tell
you I am and you agree to let me, then you can open your filters to
the source port for those routes.  Third party routes that are 
being done without the knowledge of the traffic target are a bad
thing and shouldn't be done anyway...

        -Dorn

It's not that hard to write a script that temporarily points a static route
for an unregistered address at each of the machines at a meet point.  By
tracerouting to that address you can detect if someone is pointing default at
you.  

The script does not have to be a very CPU intensive operation, and if it is
run once a day, it ought to provide a fairly good clue as to whether or not
someone is abusing your network.

I would like to stay away from port filtering except as a last resort.  I think
that there are far too many unforeseen problems and complications in debugging.
And for better or worse it would require the removal of all third party 
routing which I would guess is pretty common at the Mae's.

Scott Blandford
IBM Global Network
- - - - - - - - - - - - - - - - -
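The check described in the quoted part of the message, as an added example that is not part of the original thread: after a static route for the test address has been pointed at one peer, the traceroute output is read to see whether the packet comes straight back. It assumes `traceroute -n` style output taken from your own router; the function names are hypothetical and every address and sample output below is constructed from documentation ranges.

```python
import re

ADDR = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
UNREACH = re.compile(r"![NH]")  # traceroute marks for network/host unreachable

def parse_hops(text):
    """Turn `traceroute -n` output into [(addresses_seen, saw_unreachable)]."""
    hops = []
    for line in text.splitlines():
        if re.match(r"\s*\d+\s", line):  # hop lines start with a hop number
            hops.append((set(ADDR.findall(line)), bool(UNREACH.search(line))))
    return hops

def classify(text, peer, ours):
    """Say what `peer` did with a packet for the unregistered test address."""
    hops = parse_hops(text)
    first = next((i for i, (a, _) in enumerate(hops) if peer in a), None)
    if first is None:
        return "no-answer"            # peer never replied; nothing learned
    later = set().union(*(a for a, _ in hops[first + 1:]))
    if later & ours:
        return "defaults-to-us"       # packet came back: peer points default at us
    if later - {peer}:
        return "forwards-elsewhere"   # peer has some route for it, not via us
    if any(u for _, u in hops[first:]):
        return "rejects"              # peer has no route and said so
    return "drops"                    # peer discarded it silently

def flagged(samples, ours):
    """Peers whose probe output shows the packet returning to our router."""
    return sorted(p for p, out in samples.items()
                  if classify(out, p, ours) == "defaults-to-us")

OURS = {"198.51.100.1"}  # constructed: our own address on the exchange LAN
SAMPLES = {              # constructed outputs, one probe of 192.0.2.1 per peer
    "198.51.100.7": "traceroute to 192.0.2.1 (192.0.2.1), 30 hops max\n"
                    " 1  198.51.100.7  1.2 ms  1.1 ms  1.0 ms\n"
                    " 2  198.51.100.7  1.3 ms !N  1.2 ms !N  1.1 ms !N\n",
    "198.51.100.9": " 1  198.51.100.9  1.0 ms  1.0 ms  0.9 ms\n"
                    " 2  198.51.100.1  2.1 ms  2.0 ms  2.0 ms\n"
                    " 3  198.51.100.9  3.0 ms  3.1 ms  2.9 ms\n",
    "198.51.100.12": " 1  * * *\n 2  * * *\n",
}

if __name__ == "__main__":
    for peer, out in SAMPLES.items():
        print(peer, classify(out, peer, OURS))
```

A "no-answer" result is inconclusive rather than clean, since a peer that filters or rate-limits ICMP replies looks the same.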

