[ntp:questions] Thoughts on KOD

Jochen Bern Jochen.Bern at LINworks.de
Sun Jul 6 22:00:08 UTC 2014


On -10.01.-28163 20:59, Harlan Stenn wrote:
> This gets a bit more complicated when taking into consideration:
> - we'll get more traffic from a NAT gateway
> - - do we need to be able to configure a threshold for this case?

Can't say much about KOD as-is, but here's my .02 on the net-behind-NAT
scenario: If
-- you want to fine-tune limits according to the number of actual
   clients behind the NAT, *or*
-- want to keep providing service to genuine clients behind a NAT
   gateway while defending against co-located noncooperative bad apples
then you have an interest in making the NATed clients identifiable (beyond
what OS fingerprinting can do already).

The straightforward approach to doing so would be to send out not plain
"go DIAF"s, but messages along the lines of "I'm willing to service your
further requests *if* you label them with this random ID (and behave)".

Regards,
								J. Bern
-- 
*NEW* - NEC IT infrastructure products at <http://www.linworks-shop.de/>:
Server--Storage--Virtualization--Management SW--Passion for Performance
Jochen Bern, Systems Engineer --- LINworks GmbH <http://www.LINworks.de/>
P.O. Box 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel. +49 6151 9067-231, Switchboard -0, Fax -299 - Darmstadt District Court HRB 85202
Registered office Weiterstadt, Managing Directors Metin Dogan, Oliver Michel
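
The labelling scheme proposed in the message above, as an added example (not part of the original post and not ntpd code): a server-side limiter that serves a source IP normally until it exceeds a threshold, then hands out random IDs and rate-limits each labelled client separately. The class name, the limits, the 60-second window and the HMAC-derived ID format are assumptions made for illustration; how the ID would be carried in a packet is not modelled.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict

WINDOW = 60            # seconds per counting window (assumed value)
UNLABELLED_LIMIT = 8   # unlabelled requests per window per source IP (assumed)
PER_ID_LIMIT = 4       # requests per window per labelled client (assumed)
MAX_IDS_PER_IP = 16    # IDs handed out per window per source IP (assumed)

class LabelLimiter:
    """Hypothetical limiter: per-IP budget first, per-ID budget once labelled."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)
        self.window = None
        self.counts = defaultdict(int)

    def _tag(self, ip, nonce):
        # Binding the ID to the source IP stops it being replayed from elsewhere.
        return hmac.new(self.secret, ip.encode() + nonce, hashlib.sha256).digest()[:8]

    def issue_id(self, ip):
        nonce = os.urandom(8)              # the "random ID" from the message
        return nonce + self._tag(ip, nonce)

    def _valid(self, ip, cid):
        return (isinstance(cid, bytes) and len(cid) == 16
                and hmac.compare_digest(cid[8:], self._tag(ip, cid[:8])))

    def _bump(self, key):
        self.counts[key] += 1
        return self.counts[key]

    def handle(self, ip, client_id=None, now=None):
        """Return ("serve", None), ("label", new_id) or ("drop", None)."""
        window = int((time.time() if now is None else now) // WINDOW)
        if window != self.window:          # new window: forget old counters
            self.window, self.counts = window, defaultdict(int)
        if client_id is not None and self._valid(ip, client_id):
            ok = self._bump((ip, client_id)) <= PER_ID_LIMIT
            return ("serve" if ok else "drop", None)
        # Missing or forged IDs share the per-IP unlabelled budget.
        if self._bump((ip, "unlabelled")) <= UNLABELLED_LIMIT:
            return ("serve", None)
        # Over budget: offer an ID instead of a plain refusal, but cap issuance
        # so a single noncooperative host cannot harvest unlimited IDs.
        if self._bump((ip, "issued")) <= MAX_IDS_PER_IP:
            return ("label", self.issue_id(ip))
        return ("drop", None)
```

The cap on issued IDs matters: without it, a misbehaving host behind the NAT could request a fresh ID for every few packets and bypass the per-ID limit.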

