nanog mailing list archives

Re: net.terrorism


From: John Payne <john () sackheads org>
Date: Wed, 10 Jan 2001 14:49:18 -0800


On Wed, Jan 10, 2001 at 03:12:44PM +0800, Adrian Chadd wrote:
On Tue, Jan 09, 2001, John Payne wrote:
On Tue, Jan 09, 2001 at 09:49:50PM +0800, Adrian Chadd wrote:
I'd rather get partial announcements than traffic-filtered announcements.
That way, my other network pipes (which hopefully have a path without
above.net in it to vuurwerk) will take over. above.net are happy.
vuurwerk is happy. life is good. no bitching or extra configuration.

personally speaking, and no disrespect to any abovenet network engineers, or anyone
else, but I would *MUCH* rather a solution which doesn't involve them logging
onto several routers to block 1 route (I don't know how many places abovenet peer
with uunet, but I'll bet that it's more than 1 place)

a) Add a blackhole route  (1 config change)
b) Tag/block route on ingress (X config changes)
c) block route on egress (Y config changes)

That in itself is bogus. How many MXes do you run? Can you seriously
tell me that every time you add a domain to your MX servers you consider
the updates "too difficult" ?

I mean, going by what you said above, we might as well run open relays.
That way, whenever we add new domains, that's 1 config change to your
primary MX host to accept mail, and bewm! it works!

No, I updated the list of domains in one place and it's automatically taken
care of on the other boxes.

That's what scripts and other automata are for.

I trust scripts to update mailservers which nobody else can be trying to configure
at the same time (and name servers for that matter).

Injecting a blackhole route and letting IBGP propagate it is the same idea.
(as long as it stays inside your network ;)

-- 
John Payne      http://www.sackheads.org/jpayne/    john () sackheads org
http://www.sackheads.org/uce/                    Fax: +44 870 0547954
        To send me mail, use the address in the From: header

