From owner-freebsd-net Wed May 24 10:11:56 2000
Date: Wed, 24 May 2000 09:29:18 -0700
From: Steve Shah
To: Mike Silbersack
Cc: Olaf Hoyer, freebsd-net@FreeBSD.ORG
Subject: Re: BPF vs. promiscuous mode
Message-ID: <20000524092918.B14746@clickarray.com>
References: <20000524072320.C14568@clickarray.com>

On Wed, May 24, 2000 at 11:06:34AM -0500, Mike Silbersack wrote:
> Bah! I'm giving you the no fun network administrator badge. NATing might
> help in the short-term, but it also breaks stuff like ICQ/video games/etc,
> which students probably use a lot. (What? They're there to study?) I'd
> guess the next-generation mp3/file sharing programs will probably find
> ways to avoid the roadblocks NAT puts up anyway, unfortunately - and
> that's where the major bandwidth is, not http/ftp servers (at madison,
> anyway.)

The messaging stuff is easy to proxy for, and I don't mind doing that.
Napster I'd block off from the standpoint of bandwidth consumption. And
now that there is legal precedence on schools getting sued for crap like
that, I'd rather save myself the hassle. There are better battles to fight.

The definite win for NATting would be against the web server folks who
are serving up commercial stuff and MP3's. Although Napster is an ugly
problem in that regard. (Today's User Friendly explains why in ugly,
ugly detail...)

Most importantly, it's a case of protecting students from attacks.
There are (sadly) people out there who still find it amusing to BOINK
large numbers of Winders machines that aren't patched up. And I wouldn't
trust most students to keep their boxes patched up.

In the end, there is always a way to get back in. (Tunnels, etc.) but
just looking at the small handful of people who know how to do that
means that I still would not have to be overly concerned with bandwidth.

Of course if I *really* wanted to be a punk, I'd put a rate limiter on
outgoing traffic.

-Steve

-- 
___________________________________________________________________________
Steve Shah (sshah@clickarray.com) | Developer/Systems Administrator/Author
http://www.clickarray.com | Voice: 408.772.8202 (e-mail preferred)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Beating code into submission, one OS at a time...