Re: (PM) DoS attack

Chris Adams (cadams@ro.com)
25 Feb 1998 17:56:07 GMT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Don Lashier: "Re: [jack.rickard@boardwatch.com: Re: (PM) Re: Nationwide Access"
Previous message: Bill Koontz: "(PM) multilink ppp"
Maybe in reply to: David Denney: "(PM) DoS attack"

According to Stephen Zedalis <tintype@exis.net>:
>On Wed, 25 Feb 1998, David Denney wrote:
>>It would be nice to have a filter
>>that could be applied onto a dialup port that would block source
>>addresses other that ones assigned to the port without having to
>>have a different filter for each customer.
>
>I agree, this needs an RFE. There ought to be a "magic" value in the
>filter rulesets that equates to the address currently assigned to that
>port/user. That way you can set your rulesets to only permit
>incoming packets with the correct source address(s) for that port. It
>would simplify things alot and allow you to do filtering that currently
>you can only do with static IP assignments and individual filters per
>user.

I'd like to see that extended to include a magic value for the routes
corresponding to the Framed-Route statements in RADIUS. Then I could
have just one default filter for everyone (dialup single-IP and network
connections) and only create special filters for special cases.

-- 
Chris Adams - cadams@ro.com
System Administrator - Renaissance Internet Services
I don't speak for anybody but myself - that's enough trouble.
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>

Next message: Don Lashier: "Re: [jack.rickard@boardwatch.com: Re: (PM) Re: Nationwide Access"
Previous message: Bill Koontz: "(PM) multilink ppp"
Maybe in reply to: David Denney: "(PM) DoS attack"