nanog mailing list archives
RE: DDOS attacks and Large ISPs doing NAT?
From: "Mansey, Jon" <Jon_Mansey () verestar com>
Date: Thu, 2 May 2002 10:30:53 -0700
To merge these 2 great threads, it is the case, is it not, that NAT is a great way to avoid DDOS problems?

I don't even want to imagine what the billing/credit issues would be like if your always-on phone with a real IP is used as a zombie in a DDOS. "Hey I didn't use all that traffic last month....etc etc"

I still maintain, since the last time this was on Nanog, that real IP addresses should not be entrusted to the great unwashed.

And as for NAT breaking applications, I think it's time the applications wised up and worked around the NAT issues. Look, if your application is important enough to you as the developer, you are going to want it to penetrate and work for as many ppl as possible, right? Office workers, home users with gateways, GPRS/GSM/3G cell users etc etc. So you make it use protocols that traverse NAT without breaking.

Look at the streaming media players out there, they try to use, in order, multicast (the most efficient and best quality), UDP, TCP then HTTP. If it can't get a connection with any of the first protocols, it falls back to http, and you get your stream.

When you look at the economics of usability of your app, I think you're going to want to make it work through firewalls.

Jm

-----Original Message-----
From: Jake Khuon [mailto:khuon () NEEBU Net]
Sent: Thursday, May 02, 2002 1:51 AM
To: nanog () merit edu
Subject: Re: Large ISPs doing NAT?

### On Thu, 2 May 2002 10:42:01 +0200, "Daniska Tomas" <tomas () tronet com>
### casually decided to expound upon <nanog () merit edu> the following
### thoughts about "RE: Large ISPs doing NAT? ":

DT> and what if one of the devices behind that phone would also be a
DT> personal "ip gateway router" (or how you call that)... you could
DT> recursively iterate as deep as your mail size allows you to...

It's possible. Could it get ugly? Yes. Do we just want to shut our eyes and say "let's not go there."... well... maybe. I just don't think the solution is to say, "this can never happen... we must limit all handheld devices to sitting behind a NAT gateway."

DT> hope this thread will not end in a router behind a router that
DT> serves as a router serving as a router to another router which has
DT> some other routers connected...

God forbid! We might have a network on our hands!

--
/*===================[ Jake Khuon <khuon () NEEBU Net> ]======================+
 | Packet Plumber, Network Engineers /| / [~ [~ |) | | --------------- |
 | for Effective Bandwidth Utilisation / |/ [_ [_ |) |_| N E T W O R K S |
 +============================================================= ============*/