Now that's a strategy I like. Thanks Dorn; that's both elegant and easy to implement, it's cheap, and it works.

--
Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl     | T1's from $600 monthly to FULL DS-3 Service
                             | 99 Analog numbers, 77 ISDN, http://www.mcs.net/
Voice: [+1 312 803-MCS1 x219]| NOW Serving 56kbps DIGITAL on our analog lines!
Fax: [+1 312 803-4929]       | 2 FULL DS-3 Internet links; 400Mbps B/W Internal

On Tue, Jul 15, 1997 at 05:17:58PM -0400, Dorn Hetzel wrote:
Since we run OSPF internally, we find it easier to do this by setting up a 2501 (dedicated to the task) with static routes pointing into a loopback interface which is filtered with an access list to block all packets. The static routes are redistributed into OSPF, which caused each static to suck packets bound from anywhere in our network into the filter, kill them, and log them. Of course, there is no risk of the OSPF leaking to the outside world, though it covers our network nicely, and we get logging of attempted replies to these sites. Since OSPF is nicely classless, we block anything from a /32 up...

-Dorn Hetzel
Epoch Internet

On Tue, Jul 15, 1997 at 04:36:58PM +0100, Alex.Bligh wrote:
[shock - operational ingredient to DNS issue on NANOG]
I feel that a convenient way to filter out crud that pollutes your DNS (or any other crud for that matter) might be:

a) Configure a normally non-BGP speaking router in your IGP to run BGP under AS (say) 7778.
b) Static the routes to all alternic's primary name servers to null0: (or better to a non-existent IP on an ethernet interface)
c) redistribute these statics into BGP through a routemap if necessary.
d) Set up peering with a router running BGP tagging the routes as no-export (make sure you don't distribute them to peers or customers).

(credit to Paul Vixie for the "how to blackhole traffic" for spam reasons which I've borrowed here - *PAUL DID NOT RECOMMEND DOING THIS FOR DNS TRAFFIC - THIS IS ENTIRELY MY IDEA*).
We're just about to do this. I'll tell you how it goes.
Alex Bligh
Xara Networks
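
Steps a) through d) of the blackhole setup described above, sketched as a Cisco IOS configuration. This is an added example and not part of the original posts; the filtered host address (192.0.2.53), the peer address (10.0.0.1), the peer AS (64500), the route tag (666) and the route-map name are all constructed placeholders, and only AS 7778 comes from the thread.

```cisco
! --- Dedicated blackhole router (added example, placeholder values) ---
!
! Do not answer every dropped packet with an ICMP unreachable.
interface Null0
 no ip unreachables
!
! b) One /32 static per host to be filtered, pointed at Null0.
!    192.0.2.53 is a documentation address standing in for a real target.
!    The tag marks the route as a blackhole entry so that nothing else
!    in the static table is redistributed by accident.
ip route 192.0.2.53 255.255.255.255 Null0 tag 666
!
! c) Redistribute only the tagged statics, and
! d) mark them no-export so the receiving AS keeps them internal.
route-map BLACKHOLE-OUT permit 10
 match tag 666
 set community no-export
!
! Anything without the tag is dropped by the route-map's implicit deny.
!
! a) BGP under the AS number suggested in the post.
router bgp 7778
 redistribute static route-map BLACKHOLE-OUT
 ! Peer is a BGP-speaking router in the production AS (placeholder AS 64500).
 neighbor 10.0.0.1 remote-as 64500
 ! Without send-community the no-export marking is stripped on the way out.
 neighbor 10.0.0.1 send-community
!
! Checks on the production peer after the session comes up:
!   show ip bgp 192.0.2.53                  (community should list no-export)
!   show ip bgp neighbors <customer-or-peer> advertised-routes
!                                           (the /32 must NOT appear)
```

On the receiving side, an inbound filter that accepts only /32s from this session limits the damage if a wrong static is ever added on the blackhole router.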