I think the problem is that PMs lack the ability to filter users from
being able to spoof source addresses in the first place. Lucington
would have you use choicenet and a separate filter for each customer.
Why not have the PMs automatically filter users based on Framed-Address
& Framed-Route information received from RADIUS?

Solutions I've heard from Lucington in the past consisted of applying
filters only allowing source addresses within the assigned pool.
Strikes me as a half-assed solution, still allowing customers to source
packets they shouldn't be able to (albeit to a lesser extent), while
breaking static addressing and the routing of networks. Sometimes I
wonder about Lucington's priorities.

Curtis
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>
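
Added example, not part of the original post and not PortMaster or ChoiceNet code: a Python model of the two filtering policies the message compares, a single pool-wide source filter versus a per-session filter derived from the Framed-Address and Framed-Route values in the RADIUS reply. The port names, addresses (documentation ranges) and dictionary layout are constructed for illustration; the Framed-Route string is assumed to follow the RFC 2865 text form `<prefix>/<len> <gateway> <metric>`.

```python
import ipaddress

# Constructed sample data, not taken from the original post.
DIALUP_POOL = ipaddress.ip_network("198.51.100.0/24")

SESSIONS = {
    # port -> attributes returned by RADIUS for the user on that port
    "S0": {"Framed-Address": "198.51.100.10", "Framed-Route": []},
    "S1": {"Framed-Address": "198.51.100.11", "Framed-Route": []},
    # Static customer outside the pool with a routed LAN behind it
    "S2": {"Framed-Address": "203.0.113.1",
           "Framed-Route": ["192.0.2.0/28 203.0.113.1 1"]},
}


def allowed_sources(attrs):
    """Prefixes this session may legitimately use as a packet source."""
    nets = [ipaddress.ip_network(attrs["Framed-Address"] + "/32")]
    for route in attrs.get("Framed-Route", []):
        prefix = route.split()[0]
        if "/" not in prefix:
            # Without an explicit length the mask would have to be guessed;
            # refuse rather than silently install a /32.
            raise ValueError("Framed-Route without prefix length: " + route)
        nets.append(ipaddress.ip_network(prefix, strict=True))
    return nets


def per_session_permits(port, src):
    """Per-user filter built from Framed-Address and Framed-Route."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in allowed_sources(SESSIONS[port]))


def pool_filter_permits(src):
    """Single shared filter: any source inside the assigned pool passes."""
    return ipaddress.ip_address(src) in DIALUP_POOL


def compare(port, src):
    """Verdict of both policies for one packet arriving on `port`."""
    return {"pool": pool_filter_permits(src),
            "session": per_session_permits(port, src)}


if __name__ == "__main__":
    for port, src in [("S0", "198.51.100.10"), ("S0", "198.51.100.11"),
                      ("S2", "203.0.113.1"), ("S2", "192.0.2.5")]:
        print(port, src, compare(port, src))
```

The second and third sample packets show the two complaints in the message: the pool filter passes a neighbour's address arriving on S0, and it drops legitimate traffic from the static and routed customer on S2.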