Worst Offenders/Active Attackers blacklists

Jim Popovitch yahoo at jimpop.com
Tue Jan 29 14:43:42 UTC 2008


On Jan 29, 2008 12:58 AM, Patrick W. Gilmore <patrick at ianai.net> wrote:
> A general purpose host or firewall is NOTHING like a mail server.
> There is no race condition in a mail server, because the server simply
> waits until the DNS query is returned.  No user is watching the mail
> queue, if mail is delayed by 1/10 of a second, or even many seconds,
> nothing happens.
>
> Now imagine every web page you visit is suddenly paused by 100ms, or
> 1000ms, or multiple seconds?  Imagine that times 100s or 1000s of
> users.  Imagine what your call center would look like the day after
> you implemented it.  (Hint: Something like a smoking crater.)
>
> There might be ways around this (e.g. zone transfer / bulk load), but
> it is still not a good idea.
>
> Of course I could be wrong.  You shouldn't trust me on this, you
> should try it in production.  Let us know how it works out.

Andrew, IIUC, suggested that the default would be to allow while the
check was performed.

-Jim P.
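
The default-allow behaviour discussed above, as an added example that is not part of the original thread: the packet path never waits for the lookup, so the first connection from a listed address gets through, and blocking starts only once the answer is cached. The class name, the `lookup` callable and the addresses are hypothetical and constructed for illustration.

```python
import time

ALLOW, BLOCK = "allow", "block"

class FailOpenBlacklist:
    """Verdict cache in front of a slow blacklist lookup (e.g. a DNS query)."""

    def __init__(self, lookup, ttl=300.0, clock=time.monotonic):
        self.lookup = lookup      # callable(ip) -> True if listed; assumed slow
        self.ttl = ttl            # seconds a cached verdict stays valid
        self.clock = clock
        self.cache = {}           # ip -> (listed, expires_at)
        self.pending = []         # ips whose lookup is queued, in arrival order

    def decide(self, ip):
        """Called on the packet path: never waits for the lookup."""
        entry = self.cache.get(ip)
        if entry and entry[1] > self.clock():
            return BLOCK if entry[0] else ALLOW
        if ip not in self.pending:
            self.pending.append(ip)   # schedule the check off the fast path
        return ALLOW                  # default: allow while the check runs

    def run_pending(self):
        """Called by a background worker: resolve the queued lookups."""
        done, self.pending = self.pending, []
        for ip in done:
            self.cache[ip] = (self.lookup(ip), self.clock() + self.ttl)
        return done

# Constructed sample data: documentation-range addresses, not a real list.
LISTED = {"203.0.113.7"}

def demo():
    now = [0.0]                       # fake clock so the run is deterministic
    bl = FailOpenBlacklist(lambda ip: ip in LISTED, clock=lambda: now[0])
    out = [bl.decide("203.0.113.7"), bl.decide("198.51.100.9")]  # both unknown
    bl.run_pending()                  # the lookup answers arrive
    out += [bl.decide("203.0.113.7"), bl.decide("198.51.100.9")]
    now[0] = 301.0                    # cached verdict has expired
    out.append(bl.decide("203.0.113.7"))  # fails open again until re-checked
    return out

if __name__ == "__main__":
    print(demo())
```

The last decision shows the cost of this design: once a cached verdict expires, a listed address is allowed again until the next lookup completes.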
