Any way to P-T-P Distribute the RBL lists?

Patrick patrick at stealthgeeks.net
Thu Sep 25 16:11:04 UTC 2003


On Thu, 25 Sep 2003, Rich Braun wrote:

>
> Drew Weaver <drew.weaver at thenap.com> inquired:
> > I know you all have probably already thought of this, but can
> > anyone think of a feasible way to run a RBL list that does not have a single
> > point of failure? Or any attackable entry?
>
> Fedex.  "Never underestimate the bandwidth of a station wagon loaded with DLT
> cartridges barreling along the highway at 70mph"...
>
> Seriously, as has already been pointed out, the distribution side of the
> equation is the easy part.  Server admins can use an out-of-band technique
> like ordinary dialup to get access to the blocklist.  But generating the
> blocklist requires real-time reporting back to a central server.

I respectfully disagree. What it requires is some mechanism to get updates
back to "authorized" server(s), and those "authorized" servers need to
determine what to do with the reports. This does not need to be
real-time. Near-time would suffice IMO. The interesting issue with regards
to this component is indeed not the transport mechanism, but rather
dealing with the influx of reports, and mitigating DoSes through floods of
bogus reports. This is where things like the "web-of-trust" concept come
in handy.

Sorry, but this is definitely getting off the operational charter of
NANOG, so I'll stop. :-) There are a few people that have expressed
interest in exploring this further. If anyone is interested drop me a
line privately.

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
                               Patrick Greenwell
         Asking the wrong questions is the leading cause of wrong answers
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
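The post argues that the hard part of a decentralised blocklist is not moving the list around but deciding, on the "authorized" servers, which incoming reports to believe when a flood of bogus ones arrives. The following is an added illustration of that idea, not code from the thread or from any RBL operator: a report aggregator that authenticates each report with a per-reporter shared secret, rate-limits each reporter, counts at most one vote per reporter per target, and lists an address only when the summed trust weight of distinct reporters crosses a threshold within a near-time window. The roster of reporters, their trust weights, the HMAC scheme and every address and timestamp are constructed for the example; a real web of trust would derive the weights from signed endorsements rather than a static table.

```python
import hashlib
import hmac
from collections import defaultdict
from dataclasses import dataclass

# Constructed roster: reporter -> (shared secret, trust weight). Assumption for the
# example; a web-of-trust deployment would compute the weight from endorsements.
TRUST_ROSTER = {
    "mx1.example.net": (b"secret-mx1", 0.5),
    "mx2.example.org": (b"secret-mx2", 0.3),
    "relay.example.com": (b"secret-relay", 0.2),
    "newbie.example.io": (b"secret-newbie", 0.05),
}

LIST_THRESHOLD = 0.7         # summed weight of distinct reporters needed to list an IP
WINDOW_SECONDS = 3600        # "near-time": reports older than this age out
MAX_REPORTS_PER_WINDOW = 50  # per-reporter flood cap


@dataclass(frozen=True)
class Report:
    reporter: str
    target_ip: str
    ts: int
    mac: str  # hex HMAC-SHA256 over "reporter|target_ip|ts" keyed with the reporter's secret


def _mac(secret: bytes, reporter: str, target_ip: str, ts: int) -> str:
    msg = f"{reporter}|{target_ip}|{ts}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def sign_report(reporter: str, target_ip: str, ts: int) -> Report:
    """Build an authenticated report as a registered reporter would send it."""
    secret, _ = TRUST_ROSTER[reporter]
    return Report(reporter, target_ip, ts, _mac(secret, reporter, target_ip, ts))


class Aggregator:
    """The 'authorized server' side: validates, rate-limits and weighs reports."""

    def __init__(self):
        self._reports = defaultdict(dict)      # target_ip -> {reporter: latest accepted ts}
        self._submissions = defaultdict(list)  # reporter -> accepted-at timestamps

    def submit(self, r: Report, now: int) -> str:
        entry = TRUST_ROSTER.get(r.reporter)
        if entry is None:
            return "rejected: unknown reporter"
        secret, _ = entry
        if not hmac.compare_digest(_mac(secret, r.reporter, r.target_ip, r.ts), r.mac):
            return "rejected: bad mac"
        if r.ts > now or now - r.ts > WINDOW_SECONDS:
            return "rejected: stale or future timestamp"
        recent = [t for t in self._submissions[r.reporter] if now - t <= WINDOW_SECONDS]
        self._submissions[r.reporter] = recent
        if len(recent) >= MAX_REPORTS_PER_WINDOW:
            return "rejected: rate limited"
        recent.append(now)
        # One vote per reporter per target: a repeat refreshes the timestamp, not the weight,
        # so a single reporter can never contribute more than its own trust weight.
        self._reports[r.target_ip][r.reporter] = r.ts
        return "accepted"

    def score(self, ip: str, now: int) -> float:
        return sum(TRUST_ROSTER[rep][1]
                   for rep, ts in self._reports.get(ip, {}).items()
                   if now - ts <= WINDOW_SECONDS)

    def listed(self, now: int) -> set:
        return {ip for ip in self._reports if self.score(ip, now) >= LIST_THRESHOLD}


def demo() -> dict:
    """Constructed scenario: two trusted reporters agree on one host, a low-trust
    reporter floods bogus reports about another, plus a forged and an unknown sender."""
    agg = Aggregator()
    now = 1_064_505_064  # constructed epoch timestamp
    agg.submit(sign_report("mx1.example.net", "192.0.2.10", now - 60), now)
    agg.submit(sign_report("mx2.example.org", "192.0.2.10", now - 30), now)
    flood = [agg.submit(sign_report("newbie.example.io", "198.51.100.5", now - i), now)
             for i in range(500)]
    forged = agg.submit(Report("mx1.example.net", "203.0.113.7", now, "00" * 32), now)
    stranger = agg.submit(Report("unregistered.invalid", "203.0.113.8", now, "00" * 32), now)
    return {
        "listed": agg.listed(now),
        "spammer_score": agg.score("192.0.2.10", now),
        "innocent_score": agg.score("198.51.100.5", now),
        "flood_accepted": flood.count("accepted"),
        "flood_rate_limited": flood.count("rejected: rate limited"),
        "forged": forged,
        "stranger": stranger,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run as a script it prints the outcome of each case: the host two trusted reporters agree on is listed (0.5 + 0.3 exceeds the 0.7 threshold), the flooded host is not (500 reports from one low-trust reporter are worth 0.05 regardless of volume, and only the first 50 are even accepted), and the forged and unregistered reports are dropped before they count for anything. Transport is deliberately absent, which is the post's point: the same checks work whether reports arrive over a peer-to-peer mesh, dial-up or any other channel.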


