Alternic takes over Internic traffic

Karl Denninger karl at Mcs.Net
Tue Jul 15 21:36:27 UTC 1997


Now that's a strategy I like.  Thanks Dorn; that's both elegant and easy to
implement, it's cheap, and it works.

--
-- 
Karl Denninger (karl at MCS.Net)| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl     | T1's from $600 monthly to FULL DS-3 Service
			     | 99 Analog numbers, 77 ISDN, http://www.mcs.net/
Voice: [+1 312 803-MCS1 x219]| NOW Serving 56kbps DIGITAL on our analog lines!
Fax:   [+1 312 803-4929]     | 2 FULL DS-3 Internet links; 400Mbps B/W Internal

On Tue, Jul 15, 1997 at 05:17:58PM -0400, Dorn Hetzel wrote:
> 
> Since we run OSPF internally, we find it easier to do this by 
> setting up a 2501 (dedicated to the task) with static routes
> pointing into a loopback interface which is filtered with an
> access list to block all packets.  The static routes are
> redistributed into OSPF, which caused each static to suck
> packets bound from anywhere in our network into the filter,
> kill them, and log them.  Of course, there is no risk of the
> OSPF leaking to the outside world, though it covers our network
> nicely, and we get logging of attempted replies to these
> sites.  Since OSPF is nicely classless, we block anything from
> a /32 up...
> 
> 	-Dorn Hetzel
> 	Epoch Internet
> 
> On Tue, Jul 15, 1997 at 04:36:58PM +0100, Alex.Bligh wrote:
> > [shock - operational ingredient to DNS issue on NANOG]
> > 
> > I feel that a convenient way to filter out crud that pollutes
> > your DNS (or any other crud for that matter) might be:
> > a) Configure a normally non-BGP speaking router in your IGP to
> >    run BGP under AS (say) 7778.
> > b) Static the routes to all alternic's primary name servers to null0:
> >    (or better to a non-existent IP on an ethernet interface)
> > c) redistribute these statics into BGP through a routemap if necessary.
> > d) Set up peering with a router running BGP tagging the routes as
> >    no-export (make sure you don't distribute them to peers or customers).
> > 
> > (credit to Paul Vixie for the "how to blackhole traffic" for spam
> > reasons which I've borrowed here - *PAUL DID NOT RECOMMEND DOING THIS
> > FOR DNS TRAFFIC - THIS IS ENTIRELY MY IDEA*).
> > 
> > We're just about to do this. I'll tell you how it goes.
> > 
> > Alex Bligh
> > Xara Networks
> > 
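
One reading of steps (a) to (d) in Alex Bligh's message above, written as IOS-style configuration. This is an added example, not configuration posted by anyone in the thread: the blackholed hosts (192.0.2.53, 198.51.100.53), the peer 10.0.0.1 and its AS 64500 are constructed placeholders, and AS 7778 is the one the message suggests.

```cisco
! Added example. Trigger router: normally non-BGP, sits in the IGP.
! All addresses and AS 64500 are constructed placeholders.
!
! Drop silently instead of answering every discarded packet with ICMP.
interface Null0
 no ip unreachables
!
! (b) One /32 static per host to blackhole. The tag marks these routes
!     so that nothing else on the box can be redistributed by accident.
ip route 192.0.2.53 255.255.255.255 Null0 tag 7778
ip route 198.51.100.53 255.255.255.255 Null0 tag 7778
!
! (c) Route-map used for redistribution: only tagged statics match,
!     and each one is marked no-export. Everything else hits the
!     implicit deny at the end of the route-map.
route-map BLACKHOLE permit 10
 match tag 7778
 set community no-export
!
! (a) + (d) BGP under AS 7778, peering with a BGP-speaking router
!     inside the network. send-community is required, otherwise the
!     no-export community is stripped and the /32s can leak onward.
router bgp 7778
 redistribute static route-map BLACKHOLE
 neighbor 10.0.0.1 remote-as 64500
 neighbor 10.0.0.1 send-community
```

On the receiving router, `show ip bgp community no-export` should list exactly the blackholed /32s, and none of them should appear in what that router advertises to external peers or customers.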


