nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Yahoo! Lessons Learned

From: Daniel Senie <dts () senie com>
Date: Wed, 09 Feb 2000 15:13:43 -0500

Dan Hollis wrote:


On Wed, 9 Feb 2000, Daniel Senie wrote:

Dialup pools should also be protected. No sense in permitting problems
to originate on a dialup modem or ISDN line. I know the Lucent/Ascend
MAX product accepts an attribute Ascend-Source-IP-Check, which can be
applied as a part of the RADIUS authentication. Have the large dialup
wholesalers implemented this?


When I asked a couple dialup wholesalers this question point blank last
year, the answer was no - because their routers/term servers didn't have
enough CPU to do filtering.


I don't buy this. The wholesalers are allowing (requiring?) filters be
added to block port 25 to all but the retail ISP's mail servers. Seems
to me if the box can handle that filter, adding one for source IP is
isn't significant additional load. The nice thing with the Ascend
attribute is the ability to apply it generically, and without the Radius
server having to know the IP address being assigned to the user.

-- 
-----------------------------------------------------------------
Daniel Senie                                        dts () senie com
Amaranth Networks Inc.            http://www.amaranthnetworks.com
Previous By Date Next
Previous By Thread Next

Current thread: