[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: t-dsl

On Tue, Aug 01, 2000 at 08:06:42PM +0200, Stefan Nobis wrote:
> Nathan E Norman <nnorman@canaris.midco.net> writes:
> > Smart people *can* get IPs that haven't been assigned to them, and
> > it's a PITA to root them out.  PPPoE, while a hack, addresses this
> > concern for providers.  I wish we used it.
> Tell me more about this. What about configuring the routers only to
> route IPs that are assigned on each connection? In the worst case you
> set for each connection a static IP. How can anyone use IPs they
> haven't been assigned to in this case?

Well, first of all, you want to assign the user an address via DHCP,
or else it's an administrative nightmare.

I don't understand why you'd want to have to enable host routes for
each assigned address ... what a mess (administratively and

You could hard code the ARP tables but that doesn't prevent people
from messing with each other.
On the other hand, the client device (DSL modem or cable modem) should
be able to block access by MAC and IP.  Not all client devices do this

> Do you want to tell me that for leased lines there is no way to stop
> bad people to use IPs that haven't been assigned to them? Where is the
> big difference between leased lines and DSL?

I'm not talking about leased lines, I'm talking about high-capacity
broadband services like DSL and data over HFC cable.
The big difference is that broadband services are a shared network.
Leased lines are not (from a layer 3 point of view, anyway).

> I'm a beginner in the networking section but even i know some ways to
> secure the ISP-side. I can't imagine that all those big ISP like
> Worldcom/UUnet have no idea how to secure their IPs.

I'm not talking about UUNet, I'm talking about broadband providers
like Road Runner, @Home, USWest, etc.

Nathan Norman         "Eschew Obfuscation"          Network Engineer
GPG Key ID 1024D/51F98BB7            http://home.midco.net/~nnorman/
Key fingerprint = C5F4 A147 416C E0BF AB73  8BEF F0C8 255C 51F9 8BB7

Attachment: pgphd0Vgww57f.pgp
Description: PGP signature

Reply to: