[57833] in North American Network Operators' Group
Re: Open relays and open proxies
daemon@ATHENA.MIT.EDU (Paul Vixie)
Thu Apr 24 17:50:40 2003
To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 24 Apr 2003 21:50:05 +0000
In-Reply-To: <3EA84A1B.2020708@utc.edu>
Errors-To: owner-nanog-outgoing@merit.edu
> On the other hand, NJABL.ORG lists 255K open relays, 170K open proxies,
> and a spattering of dialups and other listings. This is way beyond ACLs
> that I could even imagine thinking about :-)
anyone who was facile with perl could transform a full list of open relays
or proxies into something that avibgpd could use, so that you could have
your access controls implemented as routes rather than acl's. if you
combine that with policy routing so that you can blackhole traffic based
on source rather than destination, you could get the added benefit of not
having to take/deliver the SYN only to blackhole the resulting SYN-ACK.
--
Paul Vixie
