[10843] in North American Network Operators' Group
Re: Alternic takes over Internic traffic
daemon@ATHENA.MIT.EDU (Lyndon Levesley)
Wed Jul 16 07:30:24 1997
To: Dorn Hetzel <dorn@atl.eni.net>
cc: nanog@merit.edu
Reply-to: lol@xara.net
From: Lyndon Levesley <lol@xara.net>
In-reply-to: Your message of "Tue, 15 Jul 1997 17:17:58 EDT."
<19970715171758.15946@atl.eni.net>
Date: Wed, 16 Jul 1997 12:07:55 +0100
>>>>> On Tue, 15 Jul 1997 at around 17:17:58,
>>>>> "DH" == Dorn Hetzel penned:
DH> Since we run OSPF internally, we find it easier to do this by
DH> setting up a 2501 (dedicated to the task) with static routes
DH> pointing into a loopback interface which is filtered with an
DH> access list to block all packets. The static routes are
DH> redistributed into OSPF, which caused each static to suck
DH> packets bound from anywhere in our network into the filter,
DH> kill them, and log them. Of course, there is no risk of the
DH> OSPF leaking to the outside world, though it covers our network
DH> nicely, and we get logging of attempted replies to these
DH> sites. Since OSPF is nicely classless, we block anything from
DH> a /32 up...

If you have a smaller network and still want the ability to do this
(e.g. singly-homed site) just route the networks concerned to
nowhere on your gateway router:

    ip route a.b.c.d w.x.y.z Null0
    route add net a.b.c.d <local or null IP address> 1

This won't stop the DNS hack from polluting your servers (u/g the
software :) but I don't think my Linux box needs to contact DNS
pirates ;-}

DH> -Dorn Hetzel
DH> Epoch Internet
Cheers,
Lyndon
--
Penis Envy is a total Phallusy.
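
Added example, not part of the original message or of either poster's configuration: a small generator that turns a list of prefixes (anything from a /32 up) into the "ip route a.b.c.d w.x.y.z Null0" lines described above, merging overlapping entries and refusing prefixes that are malformed, too broad, or inside your own address space. The prefixes are constructed documentation ranges, PROTECTED and MIN_PREFIXLEN are hypothetical guard settings, and the Linux lines use iproute2's "ip route add blackhole" form rather than the "route add" command quoted in the message.

```python
import ipaddress

# Constructed sample values (documentation ranges), not from the original post.
PROTECTED = ["198.51.100.0/24"]   # assumed: our own address space, never null-route it
MIN_PREFIXLEN = 8                 # assumed guard: refuse anything broader than a /8


def null_routes(prefixes, protected=PROTECTED, min_prefixlen=MIN_PREFIXLEN):
    """Return (ios_lines, linux_lines, rejected) for a list of IPv4 CIDR strings."""
    own = [ipaddress.ip_network(p) for p in protected]
    accepted, rejected = [], []
    for text in prefixes:
        try:
            # strict=True rejects entries with host bits set, e.g. 192.0.2.1/24;
            # a bare address such as 203.0.113.7 is taken as a /32
            net = ipaddress.IPv4Network(text.strip(), strict=True)
        except ValueError as exc:
            rejected.append((text, str(exc)))
            continue
        if net.prefixlen < min_prefixlen:
            rejected.append((text, "broader than /%d" % min_prefixlen))
        elif any(net.overlaps(o) for o in own):
            rejected.append((text, "overlaps protected space"))
        else:
            accepted.append(net)
    # Merge duplicates, covered more-specifics and adjacent blocks into
    # the smallest set of static routes
    merged = list(ipaddress.collapse_addresses(accepted))
    ios = ["ip route %s %s Null0" % (n.network_address, n.netmask) for n in merged]
    linux = ["ip route add blackhole %s" % n for n in merged]
    return ios, linux, rejected


if __name__ == "__main__":
    sample = ["192.0.2.0/25", "192.0.2.128/25", "203.0.113.7",
              "192.0.2.1/24", "0.0.0.0/0", "198.51.100.128/25"]
    ios, linux, rejected = null_routes(sample)
    print("\n".join(ios))
    print("\n".join(linux))
    for text, reason in rejected:
        print("rejected %s: %s" % (text, reason))
```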