Alpha test of MAE filtering capability

Chris A. Icide chris at
Fri Jan 31 19:39:34 UTC 1997

From:  Paul A Vixie[SMTP:paul at]
But let me turn it around.  With no means of detection, why do we suspect
that it's a problem?  That is, why doesn't the cause for suspicion also work
as a means of detection?

Well, here is the way I found mine.  We keep usage information on all of our
router ports, and one day, my FDDI interface to an exchange point jumps by
10Mbps.  I haven't added any customers, and going back to examine my 
traffic patterns for customer ports, I have no cooinciding traffic increase.  
However, I do show this increase mainly passing from one Exchange point
to the other.  After isolation all traffic sources that would have created such
a jump in traffic, I come up with a big goose egg.  So, my next step was to
log some flows from the router at the exchange point, and after pouring 
through quite a few flows, I begin to see traffic from an entity that my company
has absolutely no relationship with.  This all takes quite a bit of time.  I 
would not want to judge anyone with partial data.  Meanwhile bandwidth paid
for by my customers, and engineered based upon my customer's needs is
being chewed up.  My customers are affected.  I would prefer to prevent 
such events from affecting my customers, who I think would agree with
this method.

IMHO, as long as money is involved, and as long as someone thinks that
they have a chance of getting away with something, they will try it.


More information about the NANOG mailing list