nanog mailing list archives

Re: Alternic takes over Internic traffic
From: Lyndon Levesley <lol () xara net>
Date: Wed, 16 Jul 1997 12:07:55 +0100

On Tue, 15 Jul 1997 at around 17:17:58,
"DH" == Dorn Hetzel penned:

 DH> Since we run OSPF internally, we find it easier to do this by
 DH> setting up a 2501 (dedicated to the task) with static routes
 DH> pointing into a loopback interface which is filtered with an
 DH> access list to block all packets.  The static routes are
 DH> redistributed into OSPF, which caused each static to suck
 DH> packets bound from anywhere in our network into the filter,
 DH> kill them, and log them.  Of course, there is no risk of the
 DH> OSPF leaking to the outside world, though it covers our network
 DH> nicely, and we get logging of attempted replies to these
 DH> sites.  Since OSPF is nicely classless, we block anything from
 DH> a /32 up...

 If you have a smaller network and still want the ability to do this
(e.g. singly-homed site) just route the networks concerned to
nowhere on your gateway router:

ip route a.b.c.d w.x.y.z Null0

route add net a.b.c.d <local or null IP address> 1

 This won't stop the DNS hack from polluting your servers (u/g the 
software :) but I don't think my Linux box needs to contact DNS 
pirates ;-}

 DH> -Dorn Hetzel
 DH> Epoch Internet

Cheers,

Lyndon



--
Penis Envy is a total Phallusy.
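
Added example, not part of the original message: a Python sketch of why a discard route works on a singly-homed gateway. It renders prefixes in the `ip route a.b.c.d w.x.y.z Null0` form quoted above and uses longest-prefix match to show which destinations fall into the null route rather than the default. The prefixes (RFC 5737 documentation ranges) and the next-hop address are constructed assumptions.

```python
import ipaddress

# Constructed sample prefixes (RFC 5737 documentation ranges), not from the post.
BLACKHOLED = ["198.51.100.7/32", "192.0.2.0/24"]
DEFAULT_NEXT_HOP = "203.0.113.1"  # assumed upstream gateway address


def ios_null_route(prefix):
    """Render a prefix in the 'ip route a.b.c.d w.x.y.z Null0' form from the post."""
    net = ipaddress.ip_network(prefix, strict=True)
    return f"ip route {net.network_address} {net.netmask} Null0"


def build_table(blackholed, default_next_hop):
    """Routing table: one default route plus one discard route per prefix."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), default_next_hop)]
    table += [(ipaddress.ip_network(p), "Null0") for p in blackholed]
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return hop


if __name__ == "__main__":
    for p in BLACKHOLED:
        print(ios_null_route(p))
    table = build_table(BLACKHOLED, DEFAULT_NEXT_HOP)
    for dst in ["198.51.100.7", "198.51.100.8", "192.0.2.200", "203.0.113.50"]:
        print(dst, "->", lookup(table, dst))
```

The /32 entry discards only the single host, while its neighbour 198.51.100.8 still follows the default route.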