DDOS attacks and Large ISPs doing NAT?
Daniska Tomas
tomas at tronet.com
Thu May 2 17:53:13 UTC 2002
jon,
1000x ack
and for all: i think this MOTD is something very close to the isp nat thread :)
"There are only 10 types of people in this world: those who understand binary, and those who don't."
(Credits to Theodore Tzevelekis/Cisco)
deejay
--
Tomas Daniska
systems engineer
Tronet Computer Networks
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224111, fax: +421 2 58224199
A transistor protected by a fast-acting fuse will protect the fuse by blowing first.
> -----Original Message-----
> From: Mansey, Jon [mailto:Jon_Mansey at verestar.com]
> Sent: 2. mája 2002 19:31
> To: nanog at merit.edu
> Subject: RE: DDOS attacks and Large ISPs doing NAT?
>
>
>
> To merge these 2 great threads, it is the case is it not that
> NAT is a great way to avoid DDOS problems. I don't even want
> to imagine what the billing/credit issues would be like if
> your always-on phone with a real IP is used as a zombie in a
> DDOS. "Hey I didn't use all that traffic last month....etc etc"
>
> I still maintain, since the last time this was on Nanog, that
> real IP addresses should not be entrusted to the great unwashed.
>
> And as for NAT breaking applications, I think its time the
> applications wised up and worked around the NAT issues. Look,
> if your application is important enough to you as the
> developer, you are going to want it to penetrate and work for
> as many ppl as possible right? Office workers, home users
> with gateways, GPRS/GSM/3G cell users etc etc. So you make it
> use protocols that traverse NAT without breaking. Look at the
> streaming media players out there, they try to use, in order,
> multicast (the most effcient and best quality), UDP,TCP then
> HTTP. If it cant get a connection with any of the first
> protocols, it falls back to http, and you get your stream.
>
> When you look at the economics of usability of your app, I
> think your going to want to make it work through firewalls.
>
> Jm
More information about the NANOG
mailing list