[57842] in North American Network Operators' Group
Re: Open relays and open proxies
daemon@ATHENA.MIT.EDU (Jack Bates)
Thu Apr 24 22:21:31 2003
Date: Thu, 24 Apr 2003 21:19:39 -0500
From: Jack Bates <jbates@brightok.net>
To: Paul Vixie <paul@vix.com>
Cc: nanog@merit.edu
In-Reply-To: <20030424233348.7768213954@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu
Paul Vixie wrote:
>
> but you're right, a half million additional routes would Break Stuff in
> most places. one could pixelize, aggregate on /28 or /24 boundaries, or
> maintain some kind of MRU. but it's all very hacky compared to "upgrade
> the bgp core to be able to handle a million more route$".
You might as well do /28 or /24 boundaries considering the number of
open proxies that are on dhcp with low lease times, and (while slow)
even on dialup. It should be up front (and in BCP, AUP, etc) that any
insecure system found on a network should be shut down immediately until
the system is fixed (suspension of account, not termination).
-Jack
