[31467] in North American Network Operators' Group
Re: netscan.org update
daemon@ATHENA.MIT.EDU (dies)
Sun Sep 24 17:59:10 2000
Date: Sun, 24 Sep 2000 17:09:16 -0500 (EST)
From: dies <dies@pulltheplug.com>
To: nanog@merit.edu
Cc: Troy Davis <troy@nack.net>
In-Reply-To: <Pine.BSO.4.21.0009242018120.21447-100000@marvin.jump.org.uk>
Message-ID: <Pine.BSO.4.21.0009241659510.23278-100000@dawoozie.pulltheplug.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
For whatever reason Ciscos will TAKE null routes to classful broadcasts,
however, they will not propagate them. You'll need a Juniper/GateD
Box/whatever to push out the routes...

And you would only want to null/discard the /32 of the actual amplifier,
not the entire netblocks, I would imagine. If you null/discarded the
entire /24...well, that would make some quite unhappy customers... The
object should be not to stop the smurf once it is ongoing, but to prevent
it from ever happening...

On another note, Troy, if you need help with anything... let me know. I'd
like to get as many amp sites off the net as possible.

On Sun, 24 Sep 2000, James A. T. Rice wrote:
>
> On Sun, 24 Sep 2000, Troy Davis wrote:
>
> > links. At last count, there are 66317 smurf-amplifying /24s; of course,
> > they'd be aggregated where possible in the announcements.
>
> Why aggregate? You could just announce the /32s of the actual broadcast
> addresses, and cause much less damage to other resources on that network.
>
> Also if you do aggregate, your blackhole route will probably be less
> specific than the 'real' route, so the 'real' route and not the blackhole
> one is what would get used.
>
> -James
>
>
>
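
The route-selection point discussed in this thread, as an added example that is not part of the original messages: a longest-prefix-match lookup showing why an aggregated blackhole loses to the more specific real route while a /32 discard on the broadcast address wins. The addresses, the `customer-link`/`discard` labels and the function names are constructed for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if nothing covers dst."""
    addr = ipaddress.ip_address(dst)
    covering = [(ipaddress.ip_network(p), nh) for p, nh in routes
                if addr in ipaddress.ip_network(p)]
    if not covering:
        return None
    # The most specific (longest) covering prefix decides forwarding.
    return max(covering, key=lambda r: r[0].prefixlen)[1]

# Constructed sample (private address space): the amplifier network's real route.
REAL = [("10.20.30.0/24", "customer-link")]

# Case 1: blackhole announced as an aggregate, less specific than the real route.
AGGREGATED = REAL + [("10.20.0.0/16", "discard")]
# Case 2: blackhole only the directed-broadcast address of the amplifier network.
HOST_ONLY = REAL + [("10.20.30.255/32", "discard")]

def report(routes, hosts=("10.20.30.255", "10.20.30.7", "10.20.99.1")):
    """Map each sample destination to the next hop the table would select."""
    return {h: next_hop(routes, h) for h in hosts}

if __name__ == "__main__":
    for name, table in (("aggregated", AGGREGATED), ("host-only", HOST_ONLY)):
        print(name, report(table))
```

In the aggregated case the broadcast address is still forwarded over the real /24, while unrelated space under the /16 that has no more specific route is discarded.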