jon,
1000x ack

and for all: i think this MOTD is something very close to the isp nat thread :)

"There are only 10 types of people in this world: those who understand binary, and those who don't."
(Credits to Theodore Tzevelekis/Cisco)

deejay

--
Tomas Daniska
systems engineer
Tronet Computer Networks
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224111, fax: +421 2 58224199

A transistor protected by a fast-acting fuse will protect the fuse by blowing first.

> -----Original Message-----
> From: Mansey, Jon [mailto:[EMAIL PROTECTED]]
> Sent: 2 May 2002 19:31
> To: [EMAIL PROTECTED]
> Subject: RE: DDOS attacks and Large ISPs doing NAT?
>
>
>
> To merge these 2 great threads, it is the case is it not that
> NAT is a great way to avoid DDOS problems. I don't even want
> to imagine what the billing/credit issues would be like if
> your always-on phone with a real IP is used as a zombie in a
> DDOS. "Hey I didn't use all that traffic last month....etc etc"
>
> I still maintain, since the last time this was on Nanog, that
> real IP addresses should not be entrusted to the great unwashed.
>
> And as for NAT breaking applications, I think it's time the
> applications wised up and worked around the NAT issues. Look,
> if your application is important enough to you as the
> developer, you are going to want it to penetrate and work for
> as many ppl as possible right? Office workers, home users
> with gateways, GPRS/GSM/3G cell users etc etc. So you make it
> use protocols that traverse NAT without breaking. Look at the
> streaming media players out there, they try to use, in order,
> multicast (the most efficient and best quality), UDP, TCP then
> HTTP. If it can't get a connection with any of the first
> protocols, it falls back to http, and you get your stream.
>
> When you look at the economics of usability of your app, I
> think you're going to want to make it work through firewalls.
>
> Jm