[175848] in North American Network Operators' Group
Re: Default routes on BGP routers with full feeds
daemon@ATHENA.MIT.EDU (William Herrin)
Tue Nov 4 17:30:39 2014
X-Original-To: nanog@nanog.org
X-Really-To: <nanog@nanog.org>
In-Reply-To: <20141104174735.C85252D40FD@mail.nanog.org>
From: William Herrin <bill@herrin.us>
Date: Tue, 4 Nov 2014 17:30:01 -0500
To: Berry Mobley <berry@gadsdenst.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Tue, Nov 4, 2014 at 12:47 PM, Berry Mobley <berry@gadsdenst.org> wrote:
> I'm wondering how many of you who are
> multihomed also add default routes pointing
> to your providers from whom you are receiving full feeds.
Back when I was in the ISP world I installed a default route pointing to a
data capture machine. This let me detect which customers had port-scanning
worms so I could identify them ahead of the abuse complaint (and ahead of
the "why is my Internet so slow complaint). The scanners rip through
unrouted space as often as they rip through routed space, so they were
pretty easy to catch.
Unfortunately, dealing with Grandma's virus laden machine was never easy.
Regards,
Bill Herrin
--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?
