Mpd-4.2 released.

Alexander Motin mav at
Wed Jun 27 12:08:42 UTC 2007

Hash: SHA1

Ovi wrote:
> Also as you know
> PPPoE is vulnerable to arp poisoning and to DoSs. Having a small network
> with 10-20 computers using mpd is easy, but having 2000 users or more,
> things changes, problems appears. Solving arp poisoning or DoS attack
> (sometimes caused by a burned switch port which mixes RX with TX) I
> thing can be done using a Layer2 managed switch, with ACLs, I will try
> and I'll inform you.

Even if pppoe have some DoS weaknesses it also have some protection
mechanisms against it. It's a pity but ng_pppoe originally implements
protocol in a way which does not allow this protection to be effectively

As I have told 4.2 release contains overload protection which should
also help against DoS attacks. I am not sure it will be able to handle
100Mbit/s flood of PADI requests from broken switch, but should avoid
mpd freeze in such case.

> When having many users, it is useful to have high availability, so it
> would be nice and useful to setup multiple pppoe servers . I've tried
> that, using a router, connected
> to 2 pppoe servers, and at every pppoe connection, a route was added to
> the router  and when  user  disconnected,  the route was deleted from
> router.  This is still a buggy implementation, we had problems messing
> up routing table.

Having several PPPoE servers in one segment is a normal solution
protocol. It is not so efficient now as it could be due to ng_pppoe
implementation problem I have told, but it still should increase
performance and stability.

What is about routing problems, you just should find good dynamic
routing solution. I have successfully working network with hundred PPPoE
servers and many thousands of users with routing successfully managed by
quagga bgp.

- --
Alexander Motin
Version: GnuPG v1.4.7 (FreeBSD)
Comment: Using GnuPG with Mozilla -


More information about the freebsd-net mailing list