Any way to P-T-P Distribute the RBL lists?

Matthew Sullivan matthew at sorbs.net
Thu Sep 25 20:59:21 UTC 2003


Aaron Dewell wrote:

>On Thu, 25 Sep 2003, Eric A. Hall wrote:
> > >             I know you all have probably already thought of this, but
> > > can anyone think of a feasible way to run a RBL list that does not have
> > > a single point of failure? Or any attackable entry?
> >
> > Easy. Have the master server only be reachable by replication partners
> > through a VPN connection, and have dozens of secondaries advertising
> > through multiple anycast addresses.
>
>So why couldn't you follow this plan without the VPN and anycast?  Have a
>couple of master servers totally unpublished (nobody except the secondaries
>know about it), then have dozens of secondaries that are the ones actually
>used (or AXFR'd off of).  You can't attack all the secondaries at once if
>there are enough of them, and the master server is unknown (hopefully).
>
>You could certainly improve on that system with a VPN, but the service is
>reasonable without it.  Make your secondaries be volunteers who sign an
>agreement to never tell anyone what your master IP addresses are.  If they
>get out, shift the master files to a secondary, notify the other secondaries
>by secure channels, and you're back in business.
>
>Even better - Publish all the servers, nobody knows who the masters are of
>this list of N servers, and rotate it when needed or every so often.
>
>I'd be a secondary/rotating master in that setup.  I'm sure you'd get a
>bunch of volunteers.
>
All well and good until the DDoSer systematically DDoSes each secondary 
in order, as has happened with SPEWS and SORBS.

Further, what's the point of having a DNSbl if the blocked parties 
cannot get to the website to:

1/ Find out why they are blocked.
2/ Get delisted when they have fixed the issue.

When it comes to SPEWS, that isn't so much of an issue; with SORBS it 
is the main part of the system.

/ Mat
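As an added illustration of the hidden-master layout Aaron describes above (these fragments are not part of the original thread and are not SORBS's or SPEWS's configuration): BIND named.conf stanzas for a master that is absent from the zone's NS set and only talks to its replication partners, and for one of the volunteer secondaries that pulls the zone from it. The zone name, interface and addresses are assumed placeholders.

```conf
// ---- hidden master (its own named.conf) ----
// The master is never listed in the zone's NS records; only the
// secondaries below know it exists.  Addresses are assumed.
acl secondaries { 192.0.2.10; 192.0.2.11; 198.51.100.20; };

options {
    listen-on { 192.0.2.1; };        // assumed; ideally a VPN-only interface
    recursion no;
    allow-query    { secondaries; }; // nobody else has a reason to talk to it
    allow-transfer { secondaries; };
    notify explicit;                 // NOTIFY only the also-notify list,
                                     // not the public NS set (which is
                                     // where a DDoSer would be looking)
};

zone "dnsbl.example.net" {           // assumed zone name
    type master;
    file "/etc/bind/zones/dnsbl.example.net.db";
    also-notify { 192.0.2.10; 192.0.2.11; 198.51.100.20; };
};

// ---- one volunteer secondary (its own named.conf) ----
// Listed in NS, answers the public, refreshes from the unpublished master.
zone "dnsbl.example.net" {
    type slave;
    masters { 192.0.2.1; };          // the address the volunteer agreed to keep quiet
    file "/var/cache/bind/dnsbl.example.net.db";
    allow-query    { any; };
    allow-transfer { none; };        // widen to an acl if secondaries chain AXFR
    notify no;                       // the master drives notifications
};
```

In practice the transfers would also be signed with TSIG (a `key` statement on both sides and `allow-transfer { key ...; }` on the master), so that a master address which does leak is not by itself enough to pull the zone or spoof a NOTIFY; rotating the master to another host is then a matter of changing `masters { }` on the secondaries. None of this helps with Mat's point: the DNS side can be spread across as many secondaries as volunteer, but the web site where a blocked party finds out why and requests delisting is still one target.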




