Firewall stateful handling of ICMP packets

Joe Abley jabley at
Thu Dec 4 04:48:29 UTC 2003

On 3 Dec 2003, at 22:53, Adi Linden wrote:

> One solution is to get away from unlimited bandwidth. Once there is a
> cost associated with having a PC source Nachi or Welchi traffic,
> customers will learn to be more concerned and educate themselves. The
> cost doesn't have to be monetary. Progressive rate limiting could be
> used, where traffic gets pinched as the allowed traffic per time slot
> is consumed.

Live example of how well monetary pinching works in New Zealand -- 
there have been cases of people receiving $15,000 monthly phone bills 
which are mainly comprised of ADSL traffic charges. So, the traffic 
charges stop the rogue traffic, by sending customers bankrupt, but only 
about a month or so after the fact.

Punishing high-traffic users by progressive traffic shaping sounds more 
effective, although the implementation sounds potentially hairy.


