Dan Hollis wrote:
On Wed, 9 Feb 2000, Daniel Senie wrote:
Dialup pools should also be protected. No sense in permitting problems to originate on a dialup modem or ISDN line. I know the Lucent/Ascend MAX product accepts an attribute Ascend-Source-IP-Check, which can be applied as a part of the RADIUS authentication. Have the large dialup wholesalers implemented this?
When I asked a couple dialup wholesalers this question point blank last year, the answer was no - because their routers/term servers didn't have enough CPU to do filtering.
I don't buy this. The wholesalers are allowing (requiring?) filters be added to block port 25 to all but the retail ISP's mail servers. Seems to me if the box can handle that filter, adding one for source IP is isn't significant additional load. The nice thing with the Ascend attribute is the ability to apply it generically, and without the Radius server having to know the IP address being assigned to the user. -- ----------------------------------------------------------------- Daniel Senie dts@senie.com Amaranth Networks Inc. http://www.amaranthnetworks.com