nanog mailing list archives
Re: Denial of service attacks apparently from UUNET Netblocks
From: "Jay R. Ashworth" <jra () scfn thpl lib fl us>
Date: Wed, 8 Oct 1997 23:08:50 -0400
On Wed, Oct 08, 1997 at 08:44:00PM -0500, John A. Tamplin wrote:
On Wed, 8 Oct 1997, Matthew V. J. Whalen wrote:I think I heard "John A. Tamplin" say:Why not just have the Radius server generate the filter itself based on the assigned IP address?Aside from having to reconfigure the router everytime somebody logs on or off? Other than having to have the Radius server run a script which logs into the router and enables (assuming that you are using a Cisco)? Ignoring the problems that Cisco's can have with changing access-lists (especially under high load)? (the list could continue) Other than all those reasons, it would work just fine. :) (okay - maybe I'm Cisco bashing and flaming, but I've seen far too many service interruptions caused by changing access-lists to ignore the issue)Well, the original topic was about Ascend, and that is what we run here. As part of the Radius response to the NAS, you can include arbitrary filters to apply to that specific connection. Now, you do pay for that in terms of performance, but the Radius server can supply a specific filter for every connection. Of course, none of the stock Radius servers support that but I am sure everyone has local hacks anyway. For example, all of our authentication information (and usage logs) are maintained in an Informix database.
To belabor the obvious, remember that not all dialups are hosts; what you need to set as the filter on the source addresses is a _netmask_. Cheers, -- jra -- Jay R. Ashworth jra () baylink com Member of the Technical Staff Unsolicited Commercial Emailers Sued The Suncoast Freenet "People propose, science studies, technology Tampa Bay, Florida conforms." -- Dr. Don Norman +1 813 790 7592
Current thread:
- Re: Denial of service attacks apparently from UUNET Netblocks, (continued)
- Re: Denial of service attacks apparently from UUNET Netblocks Sean Donelan (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Sharif Torpis (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Dale Drew (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks Alex "Mr. Worf" Yuriev (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Sharif Torpis (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Sean Donelan (Oct 07)
- Re: Denial of service attacks apparently from UUNET Netblocks Barney Wolff (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks Justin W. Newton (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks John A. Tamplin (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks Matthew V. J. Whalen (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks John A. Tamplin (Oct 08)
- Message not available
- Re: Denial of service attacks apparently from UUNET Netblocks Jay R. Ashworth (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks John A. Tamplin (Oct 08)
- Message not available
- Re: Denial of service attacks apparently from UUNET Netblocks Jay R. Ashworth (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks Justin W. Newton (Oct 08)
- Re: Denial of service attacks apparently from UUNET Netblocks Sean Donelan (Oct 07)