[115262] in North American Network Operators' Group
Re: spamhaus drop list
daemon@ATHENA.MIT.EDU (Chris Adams)
Mon Jun 15 17:19:10 2009
Date: Mon, 15 Jun 2009 16:18:54 -0500
From: Chris Adams <cmadams@hiwaay.net>
To: nanog@nanog.org
Mail-Followup-To: Chris Adams <cmadams@hiwaay.net>, nanog@nanog.org
In-Reply-To: <723AEFA8-0FA1-4D73-A6C2-29B001C2E24A@cisco.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Once upon a time, Fred Baker <fred@cisco.com> said:
> On Jun 15, 2009, at 1:16 PM, Quinn Mahoney wrote:
> >Or use this script which null routes the traffic (I guess it's not a
> >big deal getting the syn packets, as long as the mail won't send
> >because of the null route)
>
> I you are using uRPF, the SYN packets won't get through either,
> because they came from an interface other than the null interface. Not
> so helpful interddomain, but it protects your customers from each
> other (as BCP 38 does in other cases).
Not true for JUNOS; "discard" routes are still in the forwarding table
and are treated as a valid destination when it comes to loose-mode uRPF.
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
