NORDNOG Archives

Subject: Re: IP limits from RIPE?
From: Martin Back <[log in to unmask]>
Reply-To: [log in to unmask]
Date: Wed, 4 Dec 2002 14:48:27 +0100

Måns Nilsson wrote on Dec 04, 2002 at 12:16:11 PM:

[...]

> One *might* assign some kind of limit per subscriber, to prevent from DoS
> by snarfing all leases. This, I believe, is already being done, by
> Bredbandsbolaget.
>
> On a related note -- Regardless of the issues I have with some of the
> things I've heard B2 does (for example altering a DHCP server so it
> deliberately denies renewal in favour of another address, and the debacle
> with the Digisip-issued Cisco ATA boxes being given RFC1918 leases) I find
> that the basic structure and service level both are sound -- a rôle model
> for a consumer broadband operation.

Well, I'm running B2 at home, and it usually works really well. One big
problem for me though, is that they are running an ARP proxy. There are
of course good reasons for doing so, but it really makes it hard for
people like me trying to implement some security... I'm running a box
with OpenBSD as a transparent firewall, and this would work really well
if I didn't want to be able to connect between my computers... but I, of
course, do... :)
The problem is that the ARP proxy makes my connections go through
the firewall instead of just through my local switch. This is probably
due to the fact that both my machine and the ARP proxy answer to the
ARP who-has. My guess is that since the machine I'm trying to connect to
answers first, and then the ARP proxy, it first uses the real one and
then, like 1/10 of a second later, changes to the ARP proxy one. Haven't
really checked that theory out yet, but I believe it works like that.

This would not have been a problem if one could get static
IP addresses, then I could set the ARP manually... but when you get a
new IP all the time, that doesn't work either.

Been trying to find a solution to this problem for quite some time now,
but I haven't been able to find one. If only Microsoft could have
coded a better implementation of the TCP/IP stack so one could have a
static IP on the same interface as one with DHCP, but no... that was
way too complicated for them... :)
I could of course use two NICs instead, but I'm tired of all cables
running around all over the apartment.

Anyway... I've solved it by using static ARP entries via some scripts,
but it's not working as well as I would have wanted.
So, anyone at B2 reading this and feels sorry enough for me to let
me have static IPs instead? :)

./m
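
Added example, not part of the original message: one way to check the theory above from a capture is to look for ARP replies where the same IP is answered by two different MACs a fraction of a second apart. The sample lines are constructed in the style of `tcpdump -n arp` output, and the addresses, function names and the one-second window are assumptions for illustration.

```python
import re

# Constructed sample (documentation addresses, not from the original post):
# the real host answers first, a second MAC answers ~0.1 s later.
SAMPLE = """\
14:48:27.100000 ARP, Request who-has 192.0.2.20 tell 192.0.2.10, length 28
14:48:27.100350 ARP, Reply 192.0.2.20 is-at 00:00:5e:00:53:20, length 46
14:48:27.198900 ARP, Reply 192.0.2.20 is-at 00:00:5e:00:53:fe, length 46
14:48:30.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
14:48:30.000800 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:fe, length 46
"""

REPLY = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) .*\bReply (\S+) is-at "
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def parse_replies(text):
    """Yield (seconds_since_midnight, ip, mac) for each ARP reply line."""
    for line in text.splitlines():
        m = REPLY.match(line)
        if m:
            h, mi, s, ip, mac = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + float(s), ip, mac.lower()

def conflicting_replies(text, window=1.0):
    """Return [(ip, [(offset_s, mac), ...])] for bursts of replies in which
    one IP was claimed by more than one MAC within `window` seconds.
    The last MAC in a burst is what a cache that accepts the most recent
    reply would end up holding."""
    bursts, conflicts = {}, []

    def flush(ip):
        burst = bursts.pop(ip)
        if len({mac for _, mac in burst}) > 1:
            t0 = burst[0][0]
            conflicts.append((ip, [(round(t - t0, 6), mac) for t, mac in burst]))

    for ts, ip, mac in parse_replies(text):
        if ip in bursts and ts - bursts[ip][0][0] > window:
            flush(ip)  # gap too long: this reply belongs to a new request
        bursts.setdefault(ip, []).append((ts, mac))
    for ip in list(bursts):
        flush(ip)
    return conflicts

if __name__ == "__main__":
    for ip, burst in conflicting_replies(SAMPLE):
        print(ip, burst)
```
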
