[102135] in North American Network Operators' Group
Re: Worst Offenders/Active Attackers blacklists
daemon@ATHENA.MIT.EDU (Jim Popovitch)
Tue Jan 29 09:44:45 2008
Date: Tue, 29 Jan 2008 08:43:42 -0600
From: "Jim Popovitch" <yahoo@jimpop.com>
To: "Patrick W. Gilmore" <patrick@ianai.net>
Cc: "nanog list" <nanog@nanog.org>
In-Reply-To: <789B0FAE-8ED7-4BA2-8DC2-24DEC80D5ABD@ianai.net>
Errors-To: owner-nanog@merit.edu
On Jan 29, 2008 12:58 AM, Patrick W. Gilmore <patrick@ianai.net> wrote:
> A general purpose host or firewall is NOTHING like a mail server.
> There is no race condition in a mail server, because the server simply
> waits until the DNS query is returned. No user is watching the mail
> queue, if mail is delayed by 1/10 of a second, or even many seconds,
> nothing happens.
>
> Now imagine every web page you visit is suddenly paused by 100ms, or
> 1000ms, or multiple seconds? Imagine that times 100s or 1000s of
> users. Imagine what your call center would look like the day after
> you implemented it. (Hint: Something like a smoking crater.)
>
> There might be ways around this (e.g. zone transfer / bulk load), but
> it is still not a good idea.
>
> Of course I could be wrong. You shouldn't trust me on this, you
> should try it in production. Let us know how it works out.
Andrew, IIUC, suggested that the default would be to allow while the
check was performed.
-Jim P.
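The default-allow scheme referred to above, as an added example that is not part of the thread: a per-source-address filter that answers from cache, allows a cache miss immediately, resolves the blocklist lookup in a background thread, and applies the verdict to later connections, so DNS latency never sits in the connection path. The class name, the 200 ms stand-in lookup and the RFC 5737 test addresses are constructed for the example; a real deployment would substitute a DNSBL query for `slow_lookup`.

```python
import threading
import time

class AsyncBlocklistFilter:
    def __init__(self, lookup, ttl=300.0):
        self.lookup = lookup           # callable ip -> True if listed
        self.ttl = ttl                 # seconds a verdict stays cached
        self.cache = {}                # ip -> (listed, expires_at)
        self.pending = {}              # ip -> worker thread in flight
        self.lock = threading.Lock()

    def _resolve(self, ip):
        try:
            listed = self.lookup(ip)
        except Exception:              # lookup error: treat as not listed
            listed = False
        with self.lock:
            self.cache[ip] = (listed, time.monotonic() + self.ttl)
            self.pending.pop(ip, None)

    def decide(self, ip):
        # Cache hit: enforce the stored verdict. Miss: allow now, resolve in
        # the background, and later connections from ip get the verdict.
        with self.lock:
            entry = self.cache.get(ip)
            if entry and entry[1] > time.monotonic():
                return "deny" if entry[0] else "allow"
            if ip not in self.pending:
                t = threading.Thread(target=self._resolve, args=(ip,), daemon=True)
                self.pending[ip] = t
                t.start()
        return "allow"                 # default-allow while the check runs

    def wait_idle(self):               # wait for in-flight lookups to finish
        with self.lock:
            workers = list(self.pending.values())
        for t in workers:
            t.join()

def demo():
    # Constructed stand-in for a DNSBL: 200 ms per query, one listed address.
    listed, calls = {"192.0.2.10"}, []
    def slow_lookup(ip):
        calls.append(ip); time.sleep(0.2); return ip in listed
    f = AsyncBlocklistFilter(slow_lookup, ttl=60)
    t0 = time.monotonic()
    first, latency = f.decide("192.0.2.10"), time.monotonic() - t0  # no wait
    f.wait_idle()
    later = f.decide("192.0.2.10")     # cached verdict is now applied: deny
    clean = f.decide("198.51.100.7"); f.wait_idle()
    return {"first": first, "latency_s": latency, "later": later,
            "clean": clean, "lookups": len(calls)}
```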