net.terrorism

• Previous message (by thread): net.terrorism
• Next message (by thread): net.terrorism
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 10, 2001, John Payne wrote:

> > Thats what scripts and other automata are for.
> 
> I trust scripts to update mailservers which nobody else can be trying to configure
> at the same time (and name servers for that matter).
> 
> Injecting a blackhole route and letting IBGP propogate it is the same idea.
> (as long as it stays inside your network ;)

NOnono..

*sigh* I think after this I'm going to knock off this thread.

I'm simply saying that the easiest method (null routing, open relays)
isn't always the most "correct" method. I think that its nicer to
simply drop the entire netblock (or even deaggregate it like someone
suggests, which I hate doing, but ..) rather than null any traffic.
That stops the traffic crossing your network (and if you find people
policy routing it at multiple places, THEN you filter :) and lets
it flow through any alternate links people might have without having
to manually configure anything.

Thats all I'm saying. Nice and simple. I'm not going to get drawn
into a long discussion (well, a longer discussion) about something
which should be simple. I don't like the idea of traffic being
blackholed like that. I'd prefer it to simply be not announced.
Grr, I repeated it again.

You get the idea.



Adrian

-- 
Adrian Chadd			"Sex Change: a simple job of outside 
<adrian at creative.net.au>	  to inside plumbing."
				    - Some random movie

• Previous message (by thread): net.terrorism
• Next message (by thread): net.terrorism
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]