Re: [jim@cyberjunkees.com: Re: FW: Worm probes]

From: "Juha Saarinen" Actually, it wouldn't provide that much more protection, would it? There'd still be a public IP in front of the NAT, which presumably would send all the crap to your systems (unless of course you had control over the NAT or the RFC 1918 allocations). Yes?

Do you mean... Dish out an RFC 1918 address to the DSL device via the ISPs Radius server and then run NAT or a proxy at the ISP to a real world IP. That would work under FastIP, assuming Telecom allowed it. However you still have the issue that the traffic from RAN to CAR to ISP is L3 routed. If one of your users gets infected with "a worm" that user is going to start dumping data inside IPNet, on another RFC 1918 address user, these worms love to DOS their own subnet. Policy routes in the CAR? These routers are having enough trouble with normal routing as it is. The only solution: Move the PPP termination point from RAN to ISP. Cheers BG. --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog