net.terrorism
John Fraizer
nanog at EnterZone.Net
Wed Jan 10 07:25:09 UTC 2001
On Wed, 10 Jan 2001, Adrian Chadd wrote:
>
> On Tue, Jan 09, 2001, John Payne wrote:
> > personally speaking, and no disrespect to any abovenet network engineers, or anyone
> > else, but I would *MUCH* rather a solution which doesn't involve them logging
> > onto several routers to block 1 route (I don't know how many places abovenet peer
> > with uunet, but I'll bet that its more than 1 place)
> >
> > a) Add a blackhole route (1 config change)
> > b) Tag/block route on ingress (X config changes)
> > c) block route on egress (Y config changes)
>
> That in itself is bogus. How many MXes do you run? Can you seriously
> tell me that every time you add a domain to your MX servers you consider
> the updates "too difficult" ?
>
> I mean, going by what you said above, we might as well run open relays.
> That way, whenever we add new domains, thats 1 config change to your
> primary MX host to accept mail, and bewm! it works!
>
> Thats what scripts and other automata are for.
>
>
>
>
> Adrian
>
> --
> Adrian Chadd "Sex Change: a simple job of outside
> <adrian at creative.net.au> to inside plumbing."
> - Some random movie
Adrian,
rsync is your friend when it comes to updating mailserver configs. I'll
stick to doing it manually on our routers though, thankyou.
If it is important enough to an operator that they block traffic to-from
something that violates some policy they have, it is important enough for
them to update X number of routers.
---
John Fraizer
EnterZone, Inc
More information about the NANOG
mailing list