Any way to P-T-P Distribute the RBL lists?
ratul mahajan
ratul at cs.washington.edu
Fri Sep 26 01:50:08 UTC 2003
Something not very far from the discussion on this thread was proposed
last year by some researchers at Columbia. For those of you who like
reading academic papers:
http://www1.cs.columbia.edu/~danr/publish/2002/Kero2002:SOS-camera.pdf
-- ratul
Aaron Dewell wrote:
>
> On Thu, 25 Sep 2003, Eric A. Hall wrote:
> > > I know you all have probably already thought of this, but
> > > can anyone think of a feasible way to run an RBL list that does not have
> > > a single point of failure? Or any attackable entry?
> >
> > Easy. Have the master server only be reachable by replication partners
> > through a VPN connection, and have dozens of secondaries advertising
> > through multiple anycast addresses.
>
> So why couldn't you follow this plan without the VPN and anycast? Have a
> couple of master servers totally unpublished (nobody except the secondaries
> know about it), then have dozens of secondaries that are the ones actually
> used (or AXFR'd off of). You can't attack all the secondaries at once if
> there are enough of them, and the master server is unknown (hopefully).
>
> You could certainly improve on that system with a VPN, but the service is
> reasonable without it. Make your secondaries be volunteers who sign an
> agreement to never tell anyone what your master IP addresses are. If they
> get out, shift the master files to a secondary, notify the other secondaries
> by secure channels, and you're back in business.
>
> Even better - Publish all the servers, nobody knows who the masters are of
> this list of N servers, and rotate it when needed or every so often.
>
> I'd be a secondary/rotating master in that setup. I'm sure you'd get a
> bunch of volunteers.
>
> Aaron
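An added example, not from the thread or from any RBL operator, of one check a practitioner would want before trusting the "unpublished master" scheme above: even when the master is left out of the NS RRset, a stock zone file names the primary in the SOA MNAME field, so anyone who queries the SOA learns it. The usual hidden-master practice is to set MNAME to one of the public secondaries. The script below parses a constructed zone (all names and addresses are made up) and flags a master that is exposed either through MNAME or through an NS record; leaks that are not visible in zone data, such as the source address of NOTIFY messages or of the AXFR the secondaries pull from, are out of its scope.

```python
"""Check published RBL zone data for leaks of a 'hidden' master.

Added example for the hidden-master design discussed in the thread; it is
not code from the NANOG post or from any RBL operator.  All names and
addresses below are constructed.
"""
from typing import Iterable, Iterator, List, Set, Tuple


def _norm(name: str) -> str:
    """Lower-case a domain name and make it fully qualified."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def _records(text: str) -> Iterator[List[str]]:
    """Yield zone records as field lists, with ';' comments stripped,
    $-directives dropped and parenthesised multi-line records joined."""
    pending: List[str] = []
    depth = 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        pending.append(line)
        if depth == 0:
            rec = " ".join(pending).replace("(", " ").replace(")", " ")
            pending = []
            if not rec.lstrip().startswith("$"):
                yield rec.split()


_TYPES = {"SOA", "NS"}


def parse_zone(text: str) -> Tuple[str, Set[str]]:
    """Return (SOA MNAME, set of NS hostnames found in the zone).

    Only SOA and NS records are examined.  Owner, TTL and class fields may
    precede the type, so the type is located rather than assumed at a
    fixed position."""
    mname = ""
    ns: Set[str] = set()
    for fields in _records(text):
        idx = next((i for i, f in enumerate(fields[:4]) if f.upper() in _TYPES), None)
        if idx is None:
            continue
        rtype, rdata = fields[idx].upper(), fields[idx + 1]
        if rtype == "SOA":
            mname = _norm(rdata)
        elif rtype == "NS":
            ns.add(_norm(rdata))
    return mname, ns


def hidden_master_leaks(text: str, master_names: Iterable[str]) -> List[str]:
    """Report where the zone reveals a master that is meant to stay unpublished."""
    masters = {_norm(m) for m in master_names}
    mname, ns = parse_zone(text)
    findings: List[str] = []
    if mname in masters:
        findings.append(f"SOA MNAME {mname} names a master that is meant to stay unpublished")
    elif mname and mname not in ns:
        findings.append(f"SOA MNAME {mname} is not one of the published NS hosts, so it advertises an unlisted server")
    for host in sorted(ns & masters):
        findings.append(f"NS RRset publishes master {host}")
    return findings


# Constructed zone: MNAME still names the master (the default when the zone
# was written on the master), so the "unpublished" host is one SOA query away.
ZONE_LEAKY = """\
$ORIGIN rbl.example.net.
$TTL 300
@   IN SOA master.example.net. hostmaster.example.net. (
            2003092601 ; serial
            3600 900 1209600 300 )
@   IN NS  ns1.example.org.
@   IN NS  ns2.example.com.
@   IN NS  ns3.example.edu.
"""

# Same constructed zone with MNAME pointed at a public secondary.
ZONE_FIXED = ZONE_LEAKY.replace("SOA master.example.net.", "SOA ns1.example.org.")

if __name__ == "__main__":
    for label, zone in (("leaky", ZONE_LEAKY), ("fixed", ZONE_FIXED)):
        print(label, hidden_master_leaks(zone, ["master.example.net"]) or ["no leaks"])
```

The zone-side fix is only part of the picture: on the master itself, keeping it out of the NS RRset has to be paired with restricting AXFR to the secondaries (BIND's allow-transfer) and sending NOTIFY to them explicitly (also-notify), otherwise the master's address still shows up in the secondaries' logs and in anyone's packet capture on that path.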