nanog mailing list archives

Re: blocking AS30060


From: Jay Hennigan <jay () west net>
Date: Tue, 16 Sep 2003 10:58:08 -0700 (PDT)


On Tue, 16 Sep 2003, Will Yardley wrote:

> On Tue, Sep 16, 2003 at 01:04:18PM -0400, William Allen Simpson wrote:
>
> > Are there any adverse side effects, that anybody can think of?
>
> One is that any mail destined for this host would probably sit in the
> queue for the maximum queue lifetime, generally about 4 days, before
> bouncing as undeliverable, rather than either being rejected
> immediately.

On the other hand, if your routers have the CPU cycles to spare, an
inbound access-list along the lines of

deny tcp 64.94.110.0 0.0.0.255 eq 80 any
 [whatever other stuff you have]
permit ip any any

Will block their return traffic from the website (including the TCP ack)
allowing them to cheerfully syn-flood DDoS themselves if enough people
do this.

This will kill the web traffic but allow mail.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - jay () west net
WestNet:  Connecting you to the planet.  805 884-6323      WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/
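
How the access-list lines in the message above classify inbound packets, as an added example that is not part of the original post: a small Python model of first-match evaluation with Cisco wildcard masks. The Rule type, the evaluate helper and the sample packets are constructed for illustration, and the "[whatever other stuff you have]" line is left out.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str               # "permit" or "deny"
    proto: str                # "tcp", "udp" or "ip" ("ip" matches any protocol)
    src: str                  # source network address
    src_wildcard: str         # Cisco wildcard mask: 1-bits are "don't care"
    src_port: Optional[int]   # "eq N" on the source side, None = any port

# The two lines from the message. Destination is "any" in both, so it is not modelled.
ACL = [
    Rule("deny", "tcp", "64.94.110.0", "0.0.0.255", 80),
    Rule("permit", "ip", "0.0.0.0", "255.255.255.255", None),
]

def src_matches(rule, src_ip):
    # Compare only the bits the wildcard mask marks as significant (0-bits).
    care = ~int(ipaddress.IPv4Address(rule.src_wildcard)) & 0xFFFFFFFF
    want = int(ipaddress.IPv4Address(rule.src)) & care
    return (int(ipaddress.IPv4Address(src_ip)) & care) == want

def evaluate(acl, proto, src_ip, src_port):
    """Return the action of the first matching rule; no match is an implicit deny."""
    for rule in acl:
        if rule.proto not in ("ip", proto):
            continue
        if not src_matches(rule, src_ip):
            continue
        if rule.src_port is not None and rule.src_port != src_port:
            continue
        return rule.action
    return "deny"

# Constructed inbound packets: (protocol, source address, source port).
SAMPLES = [
    ("tcp", "64.94.110.10", 80),   # web return traffic (SYN-ACK, ACK, data)
    ("tcp", "64.94.110.10", 25),   # SMTP reply from the same /24
    ("tcp", "64.94.110.200", 80),  # another host in the /24, source port 80
    ("tcp", "64.94.111.10", 80),   # adjacent /24, outside the wildcard
    ("udp", "64.94.110.10", 80),   # not TCP, so the deny line is skipped
]

if __name__ == "__main__":
    for proto, ip, port in SAMPLES:
        print(f"{proto:3} {ip:15} sport {port:<3} -> {evaluate(ACL, proto, ip, port)}")
```

Only TCP segments sourced from port 80 inside 64.94.110.0/24 hit the deny line; everything else, including SMTP from the same block, falls through to the final permit.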

