Kill Verisign Routes :: A Dynamic BGP solution

• Previous message (by thread): Rogers Cable Contact
• Next message (by thread): Kill Verisign Routes :: A Dynamic BGP solution
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I wanted to discuss the merits of the following:

I have written a proof of concept solution to nuke a route to sitefinder.
Code to those who care or to the list if anyone cares.  Perl is your friend
:)

Basic concept:  Use Net::BGP to set up a peering session with my route
server.  Query DNS for *.com and *.net on x interval.  Then take the answers
(if they are valid A records) and inject them into the route server (which
in our case is used solely to feed a blackhole network to sink traffic from
APNIC space, etc).

If an address no longer appears in the DNS (i.e. the idiots switched hosts),
withdraw the route.  If they set up multiple hosts, it will catch each one
of them.  You can set the polling interval as you please.

Thoughts?

Eric



==========================================================================
  Eric Germann                                        CCTec
  ekgermann at cctec.com                                 Van Wert OH 45891
  http://www.cctec.com                                Ph:  419 968 2640
                                                      Fax: 603 825 5893

"The fact that there are actually ways of knowing and characterizing the
extent of one’s ignorance, while still remaining ignorant, may ultimately be
more interesting and useful to people than Yarkovsky"

  -- Jon Giorgini of NASA’s Jet Propulsion Laboratory

• Previous message (by thread): Rogers Cable Contact
• Next message (by thread): Kill Verisign Routes :: A Dynamic BGP solution
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]