[33434] in North American Network Operators' Group


Re: net.terrorism

daemon@ATHENA.MIT.EDU (John Payne)
Wed Jan 10 17:51:27 2001

Date: Wed, 10 Jan 2001 14:49:18 -0800
From: John Payne <john@sackheads.org>
To: Adrian Chadd <adrian@creative.net.au>
Cc: John Payne <john@sackheads.org>, nanog@merit.edu
Message-ID: <20010110144918.X10114@haybaler.sackheads.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010110151244.K79667@ewok.creative.net.au>; from adrian@creative.net.au on Wed, Jan 10, 2001 at 03:12:44PM +0800
Errors-To: owner-nanog-outgoing@merit.edu


On Wed, Jan 10, 2001 at 03:12:44PM +0800, Adrian Chadd wrote:
> On Tue, Jan 09, 2001, John Payne wrote:
> > On Tue, Jan 09, 2001 at 09:49:50PM +0800, Adrian Chadd wrote:
> > > I'd rather get partial announcements than traffic-filtered announcements.
> > > That way, my other network pipes (which hopefully have a path without
> > > above.net in it to vuurwerk) will take over. above.net are happy.
> > > vuurwerk is happy. life is good. no bitching or extra configuration.
> > 
> > personally speaking, and no disrespect to any abovenet network engineers, or anyone
> > else, but I would *MUCH* rather a solution which doesn't involve them logging
> > onto several routers to block 1 route (I don't know how many places abovenet peer
> > with uunet, but I'll bet that it's more than 1 place)
> > 
> > a) Add a blackhole route  (1 config change)
> > b) Tag/block route on ingress (X config changes)
> > c) block route on egress (Y config changes)
> 
> That in itself is bogus. How many MXes do you run? Can you seriously
> tell me that every time you add a domain to your MX servers you consider
> the updates "too difficult" ?
> 
> I mean, going by what you said above, we might as well run open relays.
> That way, whenever we add new domains, that's 1 config change to your
> primary MX host to accept mail, and bewm! it works!

No, I updated the list of domains in one place and it's automatically taken
care of on the other boxes.

> That's what scripts and other automata are for.

I trust scripts to update mailservers which nobody else can be trying to configure
at the same time (and name servers for that matter).

Injecting a blackhole route and letting IBGP propagate it is the same idea.
(as long as it stays inside your network ;)

-- 
John Payne      http://www.sackheads.org/jpayne/    john@sackheads.org
http://www.sackheads.org/uce/                    Fax: +44 870 0547954
        To send me mail, use the address in the From: header
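
The "one config change, propagated by IBGP" approach discussed in this message, sketched as an added example that is not part of the original post or of any operator's real configuration. It assumes Cisco IOS-style syntax; the AS number 64500, the tag 666, the route-map name BLACKHOLE-TRIGGER, the discard next-hop 192.0.2.1 and the blackholed prefix 203.0.113.0/24 are all constructed placeholder values.

```cisco
! --- One-time setup on EVERY router in the AS ------------------------
! Traffic whose BGP next-hop resolves to the discard address is dropped.
! (192.0.2.1 is a documentation address, used here as a placeholder.)
ip route 192.0.2.1 255.255.255.255 Null0
!
! --- One-time setup on the single trigger router ---------------------
! Only static routes carrying tag 666 are turned into BGP routes.
route-map BLACKHOLE-TRIGGER permit 10
 match tag 666
 ! Point the route at the discard address every router already knows.
 set ip next-hop 192.0.2.1
 ! Prefer it over the same prefix learned from peers or transit.
 set local-preference 200
 ! Keep it inside the AS: never advertise it to an eBGP neighbor.
 set community no-export
 set origin igp
! No further clauses: the implicit deny keeps all other static
! routes out of BGP.
!
router bgp 64500
 redistribute static route-map BLACKHOLE-TRIGGER
 ! IBGP sessions to the other routers (or route reflectors) must send
 ! communities, otherwise no-export is stripped. Placeholder neighbor:
 neighbor 198.51.100.1 remote-as 64500
 neighbor 198.51.100.1 send-community
!
! --- The per-incident change: ONE line on the trigger router ---------
! IBGP carries the resulting route to every other router, each of
! which resolves the next-hop to Null0 and drops matching traffic.
ip route 203.0.113.0 255.255.255.0 Null0 tag 666
!
! To lift the blackhole, remove that same line:
! no ip route 203.0.113.0 255.255.255.0 Null0 tag 666
```

The no-export community is what implements the "as long as it stays inside your network" condition; a check of the advertised routes toward each eBGP peer after the first trigger confirms the blackhole prefix is not leaking.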

