[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Layer 2 access and Current Practices

On Thu, 3 Mar 2005 15:01:31 -0500, Howard C. Berkowitz <hcb@gettcomm.com> wrote:

> I certainly can see excluding SOHO, with all of its specialized
> problems. There is a remaining concern for large enterprises and
> hosting centers with gigabit Ethernet or POS/SONET/SDH acceess to
> their upstream IP providers.  The huge bandwidth available to certain
> organization could make them, if compromised by miscreants, huge
> threats to SP network stability.
> To protect the SP network from a compromised high-bandwidth site,
> security measures may be implemented in provider-operated equipment
> at the site, or, more likely, at the POP. As a rule of thumb, if a
> given site has bandwidth comparable to a midsize ISP, I believe it
> has to be given special consideration as a risk, and also a major
> revenue source to be protected.

OK.   So what are you suggesting ?   What sort of threats do you think need
to be addressed ?   It seems to me that basic rate limiting (ommitted from the 
first round of Chris' draft but to be added in -01) and filtering would address
most of this.

---George Jones