Default routes on BGP routers with full feeds

William Herrin bill at herrin.us
Tue Nov 4 22:30:01 UTC 2014


On Tue, Nov 4, 2014 at 12:47 PM, Berry Mobley <berry at gadsdenst.org> wrote:
> I'm wondering how many of you who are
> multihomed also add default routes pointing
> to your providers from whom you are receiving full feeds.

Back when I was in the ISP world I installed a default route pointing to a
data capture machine. This let me detect which customers had port-scanning
worms so I could identify them ahead of the abuse complaint (and ahead of
the "why is my Internet so slow complaint). The scanners rip through
unrouted space as often as they rip through routed space, so they were
pretty easy to catch.

Unfortunately, dealing with Grandma's virus laden machine was never easy.

Regards,
Bill Herrin





--
William Herrin ................ herrin at dirtside.com  bill at herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?


More information about the NANOG mailing list