On Mon, 10 Mar 2003, Mark Segal wrote:
> What surprises me most about this entire thread is the lack of centralized filtering.
Central as in 'ALL INTERNET USES MY FILTERING SERVICE' or... 'My network uses my filter service and your network uses yours'?
> Since most service providers should be thinking about a sink hole network for security auditing (and backscatter), why not have ONE place where you advertise all unreachable, or better yet -- a default (ie everything NOT learned through BGP peers), and just forward the packets to a bit bucket..
This can be VERY dangerous, the default part at least. At one point we, as an experiment in stupidity (it turns out) announced 0/1 (almost default). We quickly received well over 600kpps to that announcement. This in a very steady stream... When one announces a very large block like this there are always unintended consequences :( There is a lot of traffic spewed out to non-available address space, this traffic is very large when aggregated :)
> Which is better than an access list since, now we are forwarding packets instead of sending them to a CPU to increase router load.
Yes, routes to null0 or to a dead interface/collection host are much nicer than acls. So, for this perhaps instead of acls uRPF would be a solution for the implementor?
> I don't think ARIN can help the situation. ISPs just need to remove the access lists from each router in the network and centralize them.
Or, have an 'automated' manner to deploy/audit/change said acls? RAT perhaps or some other 'automated' router config checking/deployment tool?
> Regards, mark
> --
> Mark Segal
> Director, Data Services
> Futureway Communications Inc.
> Tel: (905)326-1570
> -----Original Message-----
> From: E.B. Dreger [mailto:eddy+public+spam@noc.everquick.net]
> Sent: March 10, 2003 10:17 AM
> To: nanog@merit.edu
> Subject: Re: 69/8...this sucks
> Date: Mon, 10 Mar 2003 09:46:33 +0000
> From: Michael.Dillon
> > I have suggested that ARIN should set up an LDAP server to publish the delegation of all their IP address space updated
> Not bad, but will the lazy ISPs set up an LDAP server to track changes they aren't tracking now? Will those with erroneous filters magically change simply because of LDAP? I still contend the answer is a boot to the head that screams to them, "Update your freaking filters!"
> Eddy
> --
> Brotsman & Dreger, Inc. - EverQuick Internet Division
> Bandwidth, consulting, e-commerce, hosting, and network building
> Phone: +1 (785) 865-5885 Lawrence and [inter]national
> Phone: +1 (316) 794-8922 Wichita
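The thread's recurring point is stale bogon filters (69/8 still denied after ARIN began allocating from it) and the wish for an automated way to audit them. The following is an added example, not code from any participant or tool named in the thread: a small Python audit that parses IOS-style `ip prefix-list` lines from a constructed sample config and flags deny entries overlapping address space that is now delegated. The prefix-list syntax, the sample config and the allocated-block list are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample config: a bogon prefix-list that still denies 69/8,
# the situation the thread complains about.
SAMPLE_CONFIG = """\
ip prefix-list bogons seq 5 deny 0.0.0.0/8 le 32
ip prefix-list bogons seq 10 deny 10.0.0.0/8 le 32
ip prefix-list bogons seq 15 deny 69.0.0.0/8 le 32
ip prefix-list bogons seq 20 deny 127.0.0.0/8 le 32
ip prefix-list bogons seq 25 permit 0.0.0.0/0 le 32
"""

# Blocks the registry has since delegated (assumed list; in practice this
# would be refreshed from the RIR's published delegation data).
ALLOCATED = [ipaddress.ip_network("69.0.0.0/8")]

# Matches one IOS-style prefix-list entry with optional ge/le length bounds.
PREFIX_LINE = re.compile(
    r"^ip prefix-list (?P<name>\S+) seq (?P<seq>\d+) (?P<action>permit|deny) "
    r"(?P<prefix>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?\s*$"
)

def parse_prefix_list(config):
    """Return (name, seq, action, network) for each prefix-list entry in config."""
    entries = []
    for line in config.splitlines():
        m = PREFIX_LINE.match(line.strip())
        if m:
            # strict=False tolerates entries written with host bits set.
            net = ipaddress.ip_network(m["prefix"], strict=False)
            entries.append((m["name"], int(m["seq"]), m["action"], net))
    return entries

def stale_deny_entries(config, allocated=ALLOCATED):
    """Deny entries that overlap now-delegated space, i.e. filters needing an update."""
    stale = []
    for name, seq, action, net in parse_prefix_list(config):
        if action == "deny" and any(net.overlaps(a) for a in allocated):
            stale.append((name, seq, str(net)))
    return stale

if __name__ == "__main__":
    for name, seq, net in stale_deny_entries(SAMPLE_CONFIG):
        print(f"{name} seq {seq}: deny {net} overlaps delegated space; update this filter")
```

Run against real configs, the same check can be pointed at every router's dumped configuration to find the one box that was missed when the filters were last refreshed.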