guy keren wrote:
There's no reason to doubt their intentions more than you doubt any Internet packet.
1. Your peers on the cable network (e.g. if you decide to play Quake against your neighbour without connecting to the Internet),
do people do that?
2. Your ISP's PPTP server.
funny - i thought that the pptp connection is established with your local modem
No, that's the configuration on ADSL. On ADSL, it's:
[PC] --ETHERNET(IP(PPTP(PPP(IP))))--> [ADSL modem] --VCMUX(PPP(IP))--> [Bezeq telco] --PPP(IP)--> [ISP*]
* Picking the ISP is by embedding its name in the PPP auth packet (the @Iisp prefix). Bezeq strips it and fwds the PPP auth packet.
On cable, the modem provides you an Ethernet-level connection to the ISP's RAS server (running PPTP or L2TP server). You talk to the ISP with ETHERNET(IP(PPTP(PPP(IP)))). Yes, a bit of overhead.
not with the ISP's server(s). some kind of an extra tunneling...
* Picking the ISP is by picking the IP of the PPP server (e.g. cable.netvision.net.il).
Why bother? They're no more risk than an Internet connection. Your cable buddies don't have more permissions than any Internet user. And blocking ad-hoc address ranges is a recipe for trouble. For example, what if the cable company changes its IP addressing scheme? They expect to update their DHCP server and have everyone back up in no time, but your firewall would screw you over.
Packets you receive may have *any* source address (though it'd be silly
if the cable company would hijack a non-private IP zone for use within
their network...). You should not filter by source address.
since this won't be done, you can block other addresses safely.
That's a standard Cisco DOCSIS equipment feature. They use Cisco equipment. And yes, they have the feature on. Only their side is capable of enforcing a spoofing-free network, so you'd rather trust their equipment to be properly configured than to create ugly lines of defense at home.
Given an outgoing packet, the cable company's router (a.k.a. CMTS) will only pass it onwards (to other customers, to the ISP's RAS point...) *if* its source address matches one of the addresses DHCP-allocated to the physical[*] origin of the packet.
[*] Every modem is a physical origin; you cannot hijack an IP allocated
to your neighbour. There are technical measures to know which customer's
modem sent out the packet.
this is, of course, assuming we trust the cable company's setup. do we?
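An added illustration, not part of the original message and not Cisco's or the cable company's code: a simplified Python model of the check described in the message above, where the CMTS forwards an upstream packet only if its source address is currently DHCP-leased to the modem it arrived from. The class and function names, the modem MACs, the documentation-range addresses and the lease-expiry handling are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class SourceVerifier:
    """Simplified model of per-modem source-address verification at a CMTS."""
    # modem MAC -> {leased IP -> lease expiry time in seconds}
    leases: dict = field(default_factory=dict)

    def dhcp_ack(self, modem_mac, ip, now, lease_seconds):
        """Record a lease the DHCP server handed to a host behind this modem."""
        addr = ipaddress.ip_address(ip)
        self.leases.setdefault(modem_mac, {})[addr] = now + lease_seconds

    def permits(self, modem_mac, src_ip, now):
        """True only if src_ip is currently leased to the modem that sent the packet."""
        expiry = self.leases.get(modem_mac, {}).get(ipaddress.ip_address(src_ip))
        return expiry is not None and now < expiry


def filter_upstream(verifier, packets, now):
    """Split (modem_mac, src_ip, dst_ip) packets into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        modem_mac, src_ip, _dst = pkt
        (forwarded if verifier.permits(modem_mac, src_ip, now) else dropped).append(pkt)
    return forwarded, dropped


def demo():
    # Constructed sample data: documentation addresses and made-up modem MACs.
    v = SourceVerifier()
    v.dhcp_ack("00:00:5e:00:53:01", "192.0.2.10", now=0, lease_seconds=3600)
    v.dhcp_ack("00:00:5e:00:53:02", "192.0.2.20", now=0, lease_seconds=600)
    packets = [
        ("00:00:5e:00:53:01", "192.0.2.10", "198.51.100.1"),   # own lease
        ("00:00:5e:00:53:01", "192.0.2.20", "198.51.100.1"),   # neighbour's address
        ("00:00:5e:00:53:02", "192.0.2.20", "198.51.100.1"),   # lease expired at t=600
        ("00:00:5e:00:53:02", "203.0.113.7", "198.51.100.1"),  # never leased
    ]
    return filter_upstream(v, packets, now=900)


if __name__ == "__main__":
    fwd, drop = demo()
    print("forwarded:", fwd)
    print("dropped:", drop)
```

The decision is keyed on the modem the packet physically arrived from, not on anything the customer's host can set, which is why only the operator's side can enforce it.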