IPv4 Exhaustion...

Christopher Morrow morrowc.lists at gmail.com
Sat Jul 24 20:36:08 UTC 2010


On Sat, Jul 24, 2010 at 4:28 PM,  <Valdis.Kletnieks at vt.edu> wrote:
> On Sat, 24 Jul 2010 15:40:58 EDT, Christopher Morrow said:
>> why wouldn't you just do the intercept before the LSN?
>
> That gets interesting too, when several tens of thousands of users may all be
> behind the same LSN.  Making sure you intercept only the right user's traffic
> gets a lot more interesting in front of the LSN.  Doing it behind the LSN means
> you can snarf up just the traffic heading to/from one NAT'ed IP, which is
> hopefully changing not all that often.  Doing it in front of the LSN means you
> need to decide whether to capture the data in real time on a per-flow basis
> (consider the fun involved in catching a SYN packet outbound - what's your time
> budget between when the miscreant's packet leaves his host and when you have to
> catch it on the outbound side of the LSN)...

innocent until proven guilty... plus probably a large portion of the
CALEA things aren't for a 'miscreant' anyway but for other reasons.

say, I wonder how many actual CALEA requests have been sent out
anyway?? (I know one very large network has yet to get a single one,
or so the grapevine tells me.)
