North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Advisory - tunneling of IP at exchange points.
Maybe I'm missing something, but couldn't you block this with routing as well? The attack seems to be based on the fact that your NAP routers have routes to other NAP LANs. Let's say you connect to just MAE-E and MAE-W. At MAE-E, add a route for the MAE-W network to null0. Do the opposite at MAE-W. While this may not work for everyone, is should work for the majority. It may also be more pleasant then adding filters to a high speed interface. Jeff Swinton At 03:53 PM 11/25/97 +0000, Neil J. McRae wrote: >On Tue, 25 Nov 1997 14:47:22 +0000 (GMT) > Paul Thornton <email@example.com> wrote: > >> >> The LINX and several of its members have recently had to take action >> against an ISP that was using GRE tunneling between exchange points >> to appropriate the capacity of other ISPs. >> > >Hmm unfortuntely for us GRF owners it seems that filterd cannot deal >with filter this. Joy! I wonder how many months for a fix!? > >Neil. >-- >Neil J. McRae. Alive and Kicking. Domino: In the glow of the night. >neil@DOMINO.ORG NetBSD/sparc: 100% SpF (Solaris protection Factor) > Free the daemon in your <A HREF="http://www.NetBSD.ORG/">computer!</A> > > >