RE: Advisory - tunneling of IP at exchange points.

[Dave Van Allen <dave () fast net>]

Thanks Paul, wonderful job.  Side-note (taken from the exploit write-up
http://www.linx.net/tunnel-advisory.txt):

> // Adding "log-input" to the end of each access-list line will log
> // the hardware address of the sender for good measure. IOS 11.1
> // and upwards only (from memory)

We find log-input to very unreliable and often producing wrong
information. It indeed operates differently across the 11.1 train (no
comment on 11.2 offered) I think 11.1.15 breaks it badly. Albeit
improperly worded and not well defined in print on CCO, please reference
cisco BUGid CSCdj40503 prior to trusting log-input for any valid info. 

Best regards,

David Van Allen - FASTNET(tm) / You Tools Corporation
dave () fast net (888)321-FAST(3278) http://www.fast.net
FASTNET - Business and Personal Internet Solutions



> -----Original Message-----
> From: Paul Thornton [SMTP:prt () linx net]
> Sent: Tuesday, November 25, 1997 9:47 AM
> To:   nanog () merit edu
> Cc:   eof () ripe net; se-gix () sunet se; mae-east-tech () uu net;
> membership () linx net; ops () linx net
> Subject:      Advisory - tunneling of IP at exchange points.
>
> -- PLEASE NOTE: If you are replying to this, consider pruning the list
> --              of cc's rather than crossposting replies wildly!
> Thanks.
[snip]

> The LINX and several of its members have recently had to take action
> against an ISP that was using GRE tunneling between exchange points
> to appropriate the capacity of other ISPs.
>
> Keith Mitchell
>
> Chairman
> London InterNet Exchange       keith () linx org
> Geneva House, 3 Park Road
> Peterborough  PE1 2UX
> United Kingdom
> Phone: +44 1733 705000         (fax 353929)
>
>
> Paul
>
> --
> Paul Thornton, Network Engineer, London Internet Exchange Ltd.
> Tel: 07000 783797   Mobile: +44 467 372205