Jeff Weisberg on Fri, 22 Nov 2002 11:32:15 -0500



Re: [PLUG] DirecTV DSL & Linux


| > When I signed up for DCA 2 years ago, I did have to provide MAC addresses,
| > ISTR.
| 
| This is a sign that they don't know what they're doing when it comes

uhm, no.

| to routing. (They can *discover* this information very easily;
| they're on the same ethernet link as you.)

sure, they could.
but in an ISP environment you generally don't want to.

with this particular DSL product, to both the end-user and DCA it looks
pretty much just like a run-of-the-mill ethernet. and, just like
any other ethernet, they could let you configure your piece and
ARP when they need to. in most environments this would be just
fine. but in an ISP environment, end-users fall into 3 classes:
	1) good honest users that know what they're doing
	2) clueless users who can't even get their VCR to stop blinking
	3) malicious users: script kiddies, spammers, ...

given (2)+(3) you want to trust information from end-users as
little as possible. on a shared ethernet, without going to PPPoE,
the best you can do is hardcode the MAC<->IP table and not ARP.
this prevents (2) from taking down the network, and makes it
harder[1][2] for (3) to do evil, and makes it easier[1] to track
down (3) when they try.


	--jeff


[1] but not as hard or as easy to track as with PPPoE.
[2] they need to figure out some other end-user's MAC addr.
_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug
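
An added example, not part of the original message: a small Python audit of the hardcoded MAC<->IP table described above, checking observed sender claims against the provisioned bindings and naming the subscriber line involved in each mismatch. The addresses, subscriber ids and the "mac ip" input format are assumptions constructed for illustration.

```python
# Added example. The table, subscriber ids and observations are constructed.
PROVISIONED = {  # ip -> (mac, subscriber), as recorded at sign-up
    "192.0.2.10": ("00:10:5a:aa:00:01", "sub-1001"),
    "192.0.2.11": ("00:10:5a:aa:00:02", "sub-1002"),
    "192.0.2.12": ("00:10:5a:aa:00:03", "sub-1003"),
}
MAC_OWNER = {mac: sub for mac, sub in PROVISIONED.values()}

def norm_mac(mac):
    """Normalize 0:10:5A:.. or 00-10-5a-.. to lowercase, zero-padded colon form."""
    parts = mac.strip().replace("-", ":").split(":")
    if len(parts) != 6 or not all(1 <= len(p) <= 2 for p in parts):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(f"{int(p, 16):02x}" for p in parts)

def classify(mac, ip):
    """Check one observed sender claim against the static table.

    Returns (verdict, subscriber owning the MAC, subscriber owning the IP).
    """
    mac = norm_mac(mac)
    mac_sub = MAC_OWNER.get(mac)
    ip_sub = PROVISIONED[ip][1] if ip in PROVISIONED else None
    if ip in PROVISIONED and PROVISIONED[ip][0] == mac:
        return ("ok", mac_sub, ip_sub)
    if mac_sub is None:
        return ("unregistered-mac", None, ip_sub)    # swapped NIC or forged source
    if ip_sub is not None:
        return ("claims-other-ip", mac_sub, ip_sub)  # known line using another line's IP
    return ("unassigned-ip", mac_sub, None)          # known line, address never issued

def audit(lines):
    """Parse 'mac ip' lines and return the findings that are not 'ok'."""
    findings = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        mac, ip = line.split()
        verdict = classify(mac, ip)
        if verdict[0] != "ok":
            findings.append((mac, ip) + verdict)
    return findings

OBSERVED = [  # constructed sample of sender claims seen on the shared segment
    "00:10:5A:AA:00:01 192.0.2.10",
    "0:10:5a:aa:0:2    192.0.2.10",
    "de:ad:be:ef:00:01 192.0.2.11",
    "00-10-5a-aa-00-03 192.0.2.99",
]
```

Each finding carries the subscriber tied to the registered MAC, which is what makes a mismatch traceable to a line; an unregistered MAC leaves that field empty.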