[33435] in North American Network Operators' Group
Re: net.terrorism
daemon@ATHENA.MIT.EDU (Adrian Chadd)
Wed Jan 10 18:04:58 2001
Date: Thu, 11 Jan 2001 07:01:46 +0800
From: Adrian Chadd <adrian@creative.net.au>
To: John Payne <john@sackheads.org>
Cc: nanog@merit.edu
Message-ID: <20010111070145.W79667@ewok.creative.net.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010110144918.X10114@haybaler.sackheads.org>; from john@sackheads.org on Wed, Jan 10, 2001 at 02:49:18PM -0800
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, Jan 10, 2001, John Payne wrote:
> > Thats what scripts and other automata are for.
>
> I trust scripts to update mailservers which nobody else can be trying to configure
> at the same time (and name servers for that matter).
>
> Injecting a blackhole route and letting IBGP propogate it is the same idea.
> (as long as it stays inside your network ;)
NOnono..
*sigh* I think after this I'm going to knock off this thread.
I'm simply saying that the easiest method (null routing, open relays)
isn't always the most "correct" method. I think that its nicer to
simply drop the entire netblock (or even deaggregate it like someone
suggests, which I hate doing, but ..) rather than null any traffic.
That stops the traffic crossing your network (and if you find people
policy routing it at multiple places, THEN you filter :) and lets
it flow through any alternate links people might have without having
to manually configure anything.
Thats all I'm saying. Nice and simple. I'm not going to get drawn
into a long discussion (well, a longer discussion) about something
which should be simple. I don't like the idea of traffic being
blackholed like that. I'd prefer it to simply be not announced.
Grr, I repeated it again.
You get the idea.
Adrian
--
Adrian Chadd "Sex Change: a simple job of outside
<adrian@creative.net.au> to inside plumbing."
- Some random movie
