Firewall stateful handling of ICMP packets
Joe Abley
jabley at isc.org
Thu Dec 4 04:48:29 UTC 2003
On 3 Dec 2003, at 22:53, Adi Linden wrote:
> One solution is to get away from unlimited bandwidth. Once there is a
> cost
> associated to having a PC source Nachi or Welchi traffic, customers
> will
> learn to be more concerned and educate themselves. The cost doesn't
> have
> to be moneytary. Progressive rate limiting could be used, where traffic
> gets pinched as the allowed traffic per time slot is consumed.
Live example of how well monetary pinching works in New Zealand --
there have been cases of people receiving $15,000 monthly phone bills
which are mainly comprised of ADSL traffic charges. So, the traffic
charges stop the rogue traffic, by sending customers bankrupt, but only
about a month or so after the fact.
Punishing high-traffic users by progressive traffic shaping sounds more
effective, although the implementation sounds potentially hairy.
Joe
More information about the NANOG
mailing list