nanog mailing list archives

Re: Alternic takes over Internic traffic
From: Karl Denninger <karl () Mcs Net>
Date: Tue, 15 Jul 1997 16:36:27 -0500

Now that's a strategy I like.  Thanks Dorn; that's both elegant and easy to
implement, it's cheap, and it works.

-- 
Karl Denninger (karl () MCS Net)| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl     | T1's from $600 monthly to FULL DS-3 Service
                             | 99 Analog numbers, 77 ISDN, http://www.mcs.net/
Voice: [+1 312 803-MCS1 x219]| NOW Serving 56kbps DIGITAL on our analog lines!
Fax:   [+1 312 803-4929]     | 2 FULL DS-3 Internet links; 400Mbps B/W Internal

On Tue, Jul 15, 1997 at 05:17:58PM -0400, Dorn Hetzel wrote:

Since we run OSPF internally, we find it easier to do this by 
setting up a 2501 (dedicated to the task) with static routes
pointing into a loopback interface which is filtered with an
access list to block all packets.  The static routes are
redistributed into OSPF, which caused each static to suck
packets bound from anywhere in our network into the filter,
kill them, and log them.  Of course, there is no risk of the
OSPF leaking to the outside world, though it covers our network
nicely, and we get logging of attempted replies to these
sites.  Since OSPF is nicely classless, we block anything from
a /32 up...

      -Dorn Hetzel
      Epoch Internet

On Tue, Jul 15, 1997 at 04:36:58PM +0100, Alex.Bligh wrote:
[shock - operational ingredient to DNS issue on NANOG]

I feel that a convenient way to filter out crud that pollutes
your DNS (or any other crud for that matter) might be:
a) Configure a normally non-BGP speaking router in your IGP to
   run BGP under AS (say) 7778.
b) Static the routes to all alternic's primary name servers to null0:
   (or better to a non-existent IP on an ethernet interface)
c) redistribute these statics into BGP through a routemap if necessary.
d) Set up peering with a router running BGP tagging the routes as
   no-export (make sure you don't distribute them to peers or customers).

(credit to Paul Vixie for the "how to blackhole traffic" for spam
reasons which I've borrowed here - *PAUL DID NOT RECOMMEND DOING THIS
FOR DNS TRAFFIC - THIS IS ENTIRELY MY IDEA*).

We're just about to do this. I'll tell you how it goes.

Alex Bligh
Xara Networks
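
Steps a) to d) of the BGP blackhole setup quoted above, written out as Cisco IOS configuration. This is an added example, not configuration from the thread or from any poster's network. AS 7778 is the number given in the post; the addresses (documentation ranges), the private AS 64512, tag 666, the route-map and prefix-list names, and the host-route-only inbound filter are assumptions made for illustration.

```cisco
! ---- Trigger router (step a: the otherwise non-BGP router, AS 7778 from the post) ----
! Step b: one static host route per address to drop, pointing at Null0.
! 192.0.2.53 is a placeholder documentation address; tag 666 is an arbitrary marker.
ip route 192.0.2.53 255.255.255.255 Null0 tag 666
!
! Step c: redistribute only the tagged statics, and mark them no-export.
route-map BLACKHOLE-OUT permit 10
 match tag 666
 set community no-export
!
router bgp 7778
 redistribute static route-map BLACKHOLE-OUT
 neighbor 198.51.100.1 remote-as 64512
 ! Communities are not sent to a neighbor unless this is configured.
 neighbor 198.51.100.1 send-community
!
! ---- Receiving router (step d: the BGP speaker in your own network, assumed AS 64512) ----
! Accept only host routes from the trigger router and set no-export again on
! receipt, so a mistake on the trigger router cannot leak to peers or customers.
! Anything not matched falls to the route-map's implicit deny.
ip prefix-list HOST-ROUTES-ONLY seq 5 permit 0.0.0.0/0 ge 32
!
route-map BLACKHOLE-IN permit 10
 match ip address prefix-list HOST-ROUTES-ONLY
 set community no-export
!
router bgp 64512
 neighbor 198.51.100.2 remote-as 7778
 neighbor 198.51.100.2 route-map BLACKHOLE-IN in
```

The border routers only honour no-export if the community reaches them, so iBGP neighbors inside the receiving AS also need `send-community`; `show ip bgp community no-export` on a border router confirms the blackhole routes carry it.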


