Re: Open relays and open proxies

[jlewis () lewis org]

On 24 Apr 2003, Paul Vixie wrote:

> > On the other hand, NJABL.ORG lists 255K open relays, 170K open proxies, 
> > and a spattering of dialups and other listings.  This is way beyond ACLs 
> > that I could even imagine thinking about :-)
>
> anyone who was facile with perl could transform a full list of open relays
> or proxies into something that avibgpd could use, so that you could have
> your access controls implemented as routes rather than acl's.  if you
> combine that with policy routing so that you can blackhole traffic based
> on source rather than destination, you could get the added benefit of not
> having to take/deliver the SYN only to blackhole the resulting SYN-ACK.

But how will the average BGP speaking router deal with an additional half
million routes today or million routes in a few months?  My guess is "not
well"...or do you suggest some form of aggregation that would reduce the
number of routes but penalize the innocent for being in the same
/something as open systems?

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________