[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Layer 2 access and Current Practices

To: "Howard C. Berkowitz" <hcb@gettcomm.com>
Subject: Re: Layer 2 access and Current Practices
From: George Jones <eludom@gmail.com>
Date: Fri, 4 Mar 2005 08:10:02 -0500
Cc: opsec@ops.ietf.org
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=IaIt8N3c6b8/RXpisZw8oDn+NMyHGoZqEXR66hrBcJOb5hqwlzOVxD+AgxZMSbw9Wqn51IcKgWz5l5+i/ubiQRkb2vlTJ5inPy4SlTmaKmZZwcBvK7jDAWolRwKk+fx6JMzdYOK3vfRWpivOZtHgG7EpNN/ujfnOl7UI52WtTgM=
In-reply-to: <p06110400be4cde76aa40@192.168.0.2>
References: <20050216142906.54C653C03BD@berkshire.machshav.com> <42136137.903@aol.com> <a45c96fe9cc6383eec029adb8b2aadb9@mac.com> <421394A7.5000209@aol.com> <026223dbb1352dc99cd7fee1fd22f2e3@mac.com> <p06110434be398abd2a53@192.168.0.2> <c1468ac505030212302f1936ce@mail.gmail.com> <p06110400be4cde76aa40@192.168.0.2>
Reply-to: gmj@pobox.com

On Thu, 3 Mar 2005 15:01:31 -0500, Howard C. Berkowitz <hcb@gettcomm.com> wrote:

> I certainly can see excluding SOHO, with all of its specialized
> problems. There is a remaining concern for large enterprises and
> hosting centers with gigabit Ethernet or POS/SONET/SDH acceess to
> their upstream IP providers.  The huge bandwidth available to certain
> organization could make them, if compromised by miscreants, huge
> threats to SP network stability.
> 
> To protect the SP network from a compromised high-bandwidth site,
> security measures may be implemented in provider-operated equipment
> at the site, or, more likely, at the POP. As a rule of thumb, if a
> given site has bandwidth comparable to a midsize ISP, I believe it
> has to be given special consideration as a risk, and also a major
> revenue source to be protected.
> 

OK.   So what are you suggesting ?   What sort of threats do you think need
to be addressed ?   It seems to me that basic rate limiting (ommitted from the 
first round of Chris' draft but to be added in -01) and filtering would address
most of this.

Thanks,
---George Jones

Follow-Ups:
- Re: Layer 2 access and Current Practices
  - From: "Howard C. Berkowitz" <hcb@gettcomm.com>

References:
- Re: TCP small fragments
  - From: "Steven M. Bellovin" <smb@cs.columbia.edu>
- Re: TCP small fragments
  - From: Greg Sayadian <gsayadian@aol.com>
- Re: TCP small fragments
  - From: pmrn <pmrn@mac.com>
- Re: TCP small fragments
  - From: Greg Sayadian <gsayadian@aol.com>
- Re: TCP small fragments
  - From: pmrn <pmrn@mac.com>
- Re: Layer 2 access and Current Practices
  - From: George Jones <eludom@gmail.com>

Prev by Date: Re: Layer 2 access and Current Practices
Next by Date: Re: Layer 2 access and Current Practices
Previous by thread: Re: Layer 2 access and Current Practices
Next by thread: Re: Layer 2 access and Current Practices
Index(es):
- Date
- Thread