[57835] in North American Network Operators' Group
Re: Open relays and open proxies
daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Thu Apr 24 18:04:42 2003
Date: Thu, 24 Apr 2003 18:03:57 -0400 (EDT)
From: jlewis@lewis.org
To: Paul Vixie <vixie@vix.com>
Cc: nanog@merit.edu
In-Reply-To: <g3of2v4lbm.fsf@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu

On 24 Apr 2003, Paul Vixie wrote:
> > On the other hand, NJABL.ORG lists 255K open relays, 170K open proxies,
> > and a spattering of dialups and other listings. This is way beyond ACLs
> > that I could even imagine thinking about :-)
>
> anyone who was facile with perl could transform a full list of open relays
> or proxies into something that avibgpd could use, so that you could have
> your access controls implemented as routes rather than acl's. if you
> combine that with policy routing so that you can blackhole traffic based
> on source rather than destination, you could get the added benefit of not
> having to take/deliver the SYN only to blackhole the resulting SYN-ACK.

But how will the average BGP speaking router deal with an additional half
million routes today or million routes in a few months? My guess is "not
well"...or do you suggest some form of aggregation that would reduce the
number of routes but penalize the innocent for being in the same
/something as open systems?
----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
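
The trade-off raised in the message above, as an added example that is not part of the original post: it compares lossless aggregation of listed hosts (merging only fully listed prefixes) with covering-prefix aggregation, and counts the unlisted addresses the covering routes would also blackhole. The sample addresses, the /24 block size and the `min_listed` threshold are constructed assumptions, not NJABL data or anything proposed in the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed sample listings (documentation ranges, not real NJABL data).
LISTED = [
    "192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.77", "192.0.2.200",
    "198.51.100.9",
    "203.0.113.4", "203.0.113.5",
]

def exact_routes(listed):
    """Lossless aggregation: merge only prefixes whose every address is listed."""
    nets = [ipaddress.ip_network(f"{a}/32") for a in set(listed)]
    return list(ipaddress.collapse_addresses(nets))

def lossy_routes(listed, prefix_len, min_listed):
    """Replace each /prefix_len holding >= min_listed listed hosts with one
    covering route. Returns (routes, count of unlisted addresses swept in)."""
    blocks = defaultdict(set)
    for a in listed:
        ip = ipaddress.ip_address(a)
        block = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        blocks[block].add(ip)
    routes, collateral = [], 0
    for block, hosts in blocks.items():
        if len(hosts) >= min_listed:
            routes.append(block)
            # num_addresses counts every address in the block,
            # including the network and broadcast addresses.
            collateral += block.num_addresses - len(hosts)
        else:
            routes.extend(ipaddress.ip_network(f"{h}/32") for h in hosts)
    return sorted(routes), collateral

def compare(listed, prefix_len=24, min_listed=2):
    """Summarise route count versus collateral for both strategies."""
    exact = exact_routes(listed)
    lossy, collateral = lossy_routes(listed, prefix_len, min_listed)
    return {"listed": len(set(listed)), "exact_routes": len(exact),
            "lossy_routes": len(lossy), "collateral": collateral}

if __name__ == "__main__":
    print(compare(LISTED))
```

Raising `min_listed` moves the result back toward one route per listed host with no collateral; lowering it shrinks the table at the cost of more unlisted addresses covered.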