
John,

There are the beginnings of some wireless devices that are capable of
directing wireless clients to cease transmission with L2 link control
messages. These are just beginning to emerge, and unfortunately I'm
certain that with only a matter of time people will write drivers that
ignore such control messages. The end result is that APs can effectively
address a DoS at an invalid/penalty-boxed host on the wireless ether, and
allow everyone else to remain connected.

There is a b/w penalty for the flood of control messages. One
implementation I have been researching leaves ~75% of b/w available for
valid traffic. That doesn't seem too bad to me, but I need to research
real stats for how much b/w is consumed by the worms in the first place.

Cheers,
Ben.

John> On 15 Mar 2004 08:01:15 -0500
John> "Robert E. Seastrom" <rs@seastrom.com> wrote:
John>
John> > Maybe NANOG needs to implement a system where you have to log in to
John> > a web page with your NANOG meeting passcode in order to get a usable
John> > IP address. Then, when an infected computer shows
John> [...]
John>
John> Seconded. This is dirt simple to do. If we believe in public
John> humiliation, a list of infected machines and their owners (along with
John> [...]
John>
John> In the case of some networks and some types of malware, you might need to
John> do more than this. For example, if a compromised host continues to spew
John> out packets without a valid IP, this still eats link capacity. If the
John> network is relatively flat, which it often is in wireless configurations,
John> you still have a problem to solve before normal access for everyone else
John> is restored.
John>
John> John
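The accounting behind John's point (a host spewing frames without a valid IP still burns link capacity) and Ben's penalty-box idea, as an added example that is not part of the thread and not code from any of the posters. It assumes a hypothetical frame log of (seconds, source MAC, source IP, bytes), a hypothetical DHCP lease table, and an 802.11b link rate; all three are constructed inline so the script runs offline. It flags hosts transmitting from an address outside the network prefix, from an address not leased to their MAC, or at more than a quarter of the air rate, and reports how much of the link the flagged hosts were consuming.

```python
"""Per-host accounting over a constructed wireless frame log.

Added example, not code from the original thread. The log format
(seconds, source MAC, source IP, bytes), the DHCP lease table and the
link rate are constructed assumptions so that it runs offline.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed meeting-network prefix and current DHCP leases (MAC -> IP).
VALID_PREFIX = ip_network("192.0.2.0/24")
LEASES = {
    "00:11:22:33:44:01": "192.0.2.10",
    "00:11:22:33:44:02": "192.0.2.11",
}

# Constructed frame log for a 10-second window: (t, src_mac, src_ip, bytes).
# :01 is a well-behaved leased host, :02 is leased but flooding, :03 sends
# from an address it was never leased, :04 never got a valid address at all.
WINDOW_S = 10
LINK_BPS = 11_000_000  # assumed 802.11b air rate
LOG = (
    [(t, "00:11:22:33:44:01", "192.0.2.10", 1500) for t in (1, 4, 7)]
    + [(t % WINDOW_S, "00:11:22:33:44:02", "192.0.2.11", 1500) for t in range(3000)]
    + [(t % WINDOW_S, "00:11:22:33:44:03", "192.0.2.99", 60) for t in range(200)]
    + [(t % WINDOW_S, "00:11:22:33:44:04", "169.254.1.1", 100) for t in range(50)]
)


def account(log):
    """Sum bytes and frames per source MAC and record the IPs each MAC used."""
    stats = defaultdict(lambda: {"bytes": 0, "frames": 0, "ips": set()})
    for _t, mac, ip, size in log:
        stats[mac]["bytes"] += size
        stats[mac]["frames"] += 1
        stats[mac]["ips"].add(ip)
    return dict(stats)


def penalty_box(stats, leases, prefix, window_s, link_bps, flood_share=0.25):
    """Decide which MACs to cut off at L2, with the reasons for each.

    A host is boxed if it transmits from an address outside the network
    prefix, from an address not leased to its MAC, or if it alone uses
    more than flood_share of the link rate over the window.
    """
    boxed = {}
    for mac, s in stats.items():
        reasons = []
        for ip in sorted(s["ips"]):
            if ip_address(ip) not in prefix:
                reasons.append("invalid_ip")
            elif leases.get(mac) != ip:
                reasons.append("no_lease")
        if s["bytes"] * 8 / window_s > flood_share * link_bps:
            reasons.append("flood")
        if reasons:
            boxed[mac] = sorted(set(reasons))
    return boxed


def capacity_left(stats, boxed, window_s, link_bps):
    """Fraction of the link rate not consumed by boxed hosts in the window.

    This is what the other clients get back once the boxed hosts are
    silenced, before any overhead from the control messages themselves.
    """
    boxed_bps = sum(stats[m]["bytes"] for m in boxed) * 8 / window_s
    return 1 - boxed_bps / link_bps


if __name__ == "__main__":
    stats = account(LOG)
    boxed = penalty_box(stats, LEASES, VALID_PREFIX, WINDOW_S, LINK_BPS)
    for mac, why in sorted(boxed.items()):
        print(f"{mac}: {', '.join(why)} ({stats[mac]['bytes']} bytes)")
    left = capacity_left(stats, boxed, WINDOW_S, LINK_BPS)
    print(f"link share left for valid traffic: {left:.0%}")
```

The lease check is what makes the "no valid IP" case visible: a host that self-assigns or spoofs an in-prefix address still shows up in the air-time accounting even though a web-login portal would never have handed it that address. The flood threshold and the 802.11b rate are assumptions; on a real meeting network they would come from the AP's measured air rate and a policy choice.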