[76193] in North American Network Operators' Group
Re: How many backbones here are filtering the makelovenotspam scr eensaver site?
daemon@ATHENA.MIT.EDU (Elmar K. Bins)
Fri Dec 3 03:34:30 2004
Date: Fri, 3 Dec 2004 09:33:04 +0100
From: "Elmar K. Bins" <elmi@4ever.de>
To: Chad Skidmore <cskidmore@go180.net>
Cc: nanog@merit.edu
In-Reply-To: <7A2C7588564516488CD950202373E682010031F3@imail.inet.go180.net>
Errors-To: owner-nanog-outgoing@merit.edu
Chad,
> That's why I am a very firm believer in the power of "ip route
> x.x.x.x y.y.y.y null0" command. :) Makes the problem go away for me
> (for the most part) and doesn't cause anyone else any pain as a
> result except my customers, who agreed to let me use that power when
> they purchased service from me.
I would rather prefer the traffic not hitting anything behind my
transit/peering machinery at all, so the "ip route" alone doesn't
make me happy, I also have to adjust ingress ACLs every once in a
while.
And while Cisco's autosecure feature looks fine in most parts (saves
a lazy overworked bum like me a lot of typing), it does not do much
good - in my opinion - when it comes to bogon filtering. I prefer
knowing what the filter looks like, and it does not seem to give me
that, nor any way of modifying the list (correct me if I'm wrong).
I like the simplicity of, e.g., the Cymru route-server project, giving
me bogon prefixes I can then blackhole, and giving me the opportunity
to filter those prefixes (and hence my filters). Unfortunately, this
only works for egress, and I still have to look after my ingress ACLs.
Oh, and of course this is only a good thing as long as the Cymru folks
can be trusted...
Cheers,
Elmi.
--
"Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren."
(PLemken, <bu6o7e$e6v0p$2@ID-31.news.uni-berlin.de>)
--------------------------------------------------------------[ ELMI-RIPE ]---
