On 24 Apr 2003, Paul Vixie wrote:
On the other hand, NJABL.ORG lists 255K open relays, 170K open proxies, and a spattering of dialups and other listings. This is way beyond ACLs that I could even imagine thinking about :-)
anyone who was facile with perl could transform a full list of open relays or proxies into something that avibgpd could use, so that you could have your access controls implemented as routes rather than acl's. if you combine that with policy routing so that you can blackhole traffic based on source rather than destination, you could get the added benefit of not having to take/deliver the SYN only to blackhole the resulting SYN-ACK.
But how will the average BGP speaking router deal with an additional half million routes today or million routes in a few months? My guess is "not well"...or do you suggest some form of aggregation that would reduce the number of routes but penalize the innocent for being in the same /something as open systems? ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________