Firewall stateful handling of ICMP packets

• Previous message (by thread): Firewall stateful handling of ICMP packets
• Next message (by thread): Firewall stateful handling of ICMP packets
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3 Dec 2003, at 22:53, Adi Linden wrote:

> One solution is to get away from unlimited bandwidth. Once there is a 
> cost
> associated to having a PC source Nachi or Welchi traffic, customers 
> will
> learn to be more concerned and educate themselves. The cost doesn't 
> have
> to be moneytary. Progressive rate limiting could be used, where traffic
> gets pinched as the allowed traffic per time slot is consumed.

Live example of how well monetary pinching works in New Zealand -- 
there have been cases of people receiving $15,000 monthly phone bills 
which are mainly comprised of ADSL traffic charges. So, the traffic 
charges stop the rogue traffic, by sending customers bankrupt, but only 
about a month or so after the fact.

Punishing high-traffic users by progressive traffic shaping sounds more 
effective, although the implementation sounds potentially hairy.


Joe

• Previous message (by thread): Firewall stateful handling of ICMP packets
• Next message (by thread): Firewall stateful handling of ICMP packets
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]