[arin-ppml] Why are ISPs allowed?
Ted Mittelstaedt
tedm at ipinc.net
Mon Jan 5 18:40:21 EST 2009
> -----Original Message-----
> From: arin-ppml-bounces at arin.net
> [mailto:arin-ppml-bounces at arin.net] On Behalf Of Artur (eBoundHost)
> Sent: Friday, January 02, 2009 2:04 PM
> To: Stephen Sprunk
> Cc: ARIN-PPML at arin.net
> Subject: Re: [arin-ppml] Why are ISPs allowed?
>
>
> >at least one host
> >(otherwise, why would they buy the >service?) and thus assigning one
> >address per customer is automatically >justified.
>
> I'm strictly talking about home users, not hosting providers.
>
This ISP has also experimented with using NAT. The biggest problem
with it is that if 1 single customer on the NAT gets infected with a
virus it takes down the entire lot of them.
Your typical run-of-the-mill virus, as soon as it infects a PC it
commences to contact tens of thousands of other PC's on the Internet
to propagate itself. Worse, most viruses are spam generators also
and send out tens of thousands of spams.
Because there is no central list of hosts on the Internet the viruses
guess, often by iteration, attempting to contact IP's like
1.1.1.1
1.1.1.2
1.1.1.3
1.1.1.4
.
.
.
etc.
Since most of these IP's are bogus what happens is the translator
opens the outgoing TCP connect, but never sees a TCP acknowledgement
from the remote side. This uses up a "translation table entry"
in the translator, that is held open until the NAT times it out.
(it can't close it any other way since there is never a TCP close that
will come from the remote side) While it's doing this, the virus
continues to the next victim it is guessing.
As a result a single PC can literally tie up several thousand (or even
more, if the PC is fast) translation slots in the NAT. This usually
chews up all free ram in the translator until the NAT then crashes.
Ted
More information about the ARIN-PPML
mailing list