On Tue, Aug 01, 2000 at 08:06:42PM +0200, Stefan Nobis wrote: > Nathan E Norman <nnorman@canaris.midco.net> writes: > > > Smart people *can* get IPs that haven't been assigned to them, and > > it's a PITA to root them out. PPPoE, while a hack, addresses this > > concern for providers. I wish we used it. > > Tell me more about this. What about configuring the routers only to > route IPs that are assigned on each connection? In the worst case you > set for each connection a static IP. How can anyone use IPs they > haven't been assigned to in this case? Well, first of all, you want to assign the user an address via DHCP, or else it's an administrative nightmare. I don't understand why you'd want to have to enable host routes for each assigned address ... what a mess (administratively and technically). You could hard code the ARP tables but that doesn't prevent people from messing with each other. On the other hand, the client device (DSL modem or cable modem) should be able to block access by MAC and IP. Not all client devices do this however. > Do you want to tell me that for leased lines there is no way to stop > bad people to use IPs that haven't been assigned to them? Where is the > big difference between leased lines and DSL? I'm not talking about leased lines, I'm talking about high-capacity broadband services like DSL and data over HFC cable. The big difference is that broadband services are a shared network. Leased lines are not (from a layer 3 point of view, anyway). > I'm a beginner in the networking section but even i know some ways to > secure the ISP-side. I can't imagine that all those big ISP like > Worldcom/UUnet have no idea how to secure their IPs. I'm not talking about UUNet, I'm talking about broadband providers like Road Runner, @Home, USWest, etc. -- Nathan Norman "Eschew Obfuscation" Network Engineer GPG Key ID 1024D/51F98BB7 http://home.midco.net/~nnorman/ Key fingerprint = C5F4 A147 416C E0BF AB73 8BEF F0C8 255C 51F9 8BB7
Attachment:
pgphd0Vgww57f.pgp
Description: PGP signature