Worst Offenders/Active Attackers blacklists
Jim Popovitch
yahoo at jimpop.com
Tue Jan 29 14:43:42 UTC 2008
On Jan 29, 2008 12:58 AM, Patrick W. Gilmore <patrick at ianai.net> wrote:
> A general purpose host or firewall is NOTHING like a mail server.
> There is no race condition in a mail server, because the server simply
> waits until the DNS query is returned. No user is watching the mail
> queue, if mail is delayed by 1/10 of a second, or even many seconds,
> nothing happens.
>
> Now imagine every web page you visit is suddenly paused by 100ms, or
> 1000ms, or multiple seconds? Imagine that times 100s or 1000s of
> users. Imagine what your call center would look like the day after
> you implemented it. (Hint: Something like a smoking crater.)
>
> There might be ways around this (e.g. zone transfer / bulk load), but
> it is still not a good idea.
>
> Of course I could be wrong. You shouldn't trust me on this, you
> should try it in production. Let us know how it works out.
Andrew, IIUC, suggested that the default would be to allow while the
check was performed.
-Jim P.