[63043] in North American Network Operators' Group


Re: Any way to P-T-P Distribute the RBL lists?

daemon@ATHENA.MIT.EDU (Sabri Berisha)
Thu Sep 25 15:41:42 2003

Date: Thu, 25 Sep 2003 21:41:07 +0200
From: Sabri Berisha <sabri@cluecentral.net>
To: Drew Weaver <drew.weaver@thenap.com>
Cc: "'nanog@merit.edu'" <nanog@merit.edu>
In-Reply-To: <75634F04BFCFD511BF69009027DC86495C6660@mailman.thenap.com>; from drew.weaver@thenap.com on Wed, Sep 24, 2003 at 10:30:16PM -0400
Errors-To: owner-nanog-outgoing@merit.edu


On Wed, Sep 24, 2003 at 10:30:16PM -0400, Drew Weaver wrote:

Hi,

> I know you all have probably already thought of this, but can
> anyone think of a feasible way to run an RBL list that does not have a single
> point of failure? Or any attackable entry?
> 
> Disregard this if I'm totally out of line, but it would seem to me that this
> would be possible.

Whatever you come up with, it practically always has a downside:
spammers can get the whole list as well.

Imagine an open-proxy-dnsbl being distributed via peer to peer or via
distributed means such as usenet. Spammers would love it as they no longer
have to scan for themselves, same for open relays.

For some forms of dnsbls, such as the geographical ones, it might be
useful to simply have everyone generate their own copy using the code
the creators use.

An option could be to set up large DNS servers on various IXPs like is
being done for other nameservers so you 'distribute' the same nameserver
on different geographical locations.

-- 
Sabri Berisha 			"I route, therefore you are"

"We don't do default gateways" - anonymous engineer at a DSL customer.
