North American Network Operators Group


Re: Open relays and open proxies

  • From: jlewis
  • Date: Thu Apr 24 18:06:02 2003

On 24 Apr 2003, Paul Vixie wrote:

> > On the other hand, NJABL.ORG lists 255K open relays, 170K open proxies, 
> > and a spattering of dialups and other listings.  This is way beyond ACLs 
> > that I could even imagine thinking about :-)
> 
> anyone who was facile with perl could transform a full list of open relays
> or proxies into something that avibgpd could use, so that you could have
> your access controls implemented as routes rather than acl's.  if you
> combine that with policy routing so that you can blackhole traffic based
> on source rather than destination, you could get the added benefit of not
> having to take/deliver the SYN only to blackhole the resulting SYN-ACK.

But how will the average BGP speaking router deal with an additional half
million routes today or million routes in a few months?  My guess is "not
well"...or do you suggest some form of aggregation that would reduce the
number of routes but penalize the innocent for being in the same
/something as open systems?

----------------------------------------------------------------------
 Jon Lewis *[email protected]*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
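
The aggregation trade-off raised in this message, as an added example that is not part of the original post: the Python sketch below collapses a list of listed hosts into covering prefixes and reports, for each prefix length, how many routes remain and how many unlisted addresses get blackholed along with them. The sample addresses are constructed from documentation ranges, and the `min_listed` threshold is a hypothetical knob, not something either poster proposed.

```python
import ipaddress
from collections import Counter

# Constructed sample of listed hosts (documentation ranges, not real listings).
LISTED = [
    "192.0.2.10", "192.0.2.11", "192.0.2.200",
    "198.51.100.7",
    "203.0.113.1", "203.0.113.2", "203.0.113.3", "203.0.113.129",
]

def aggregate(hosts, prefix_len, min_listed=1):
    """Group listed hosts into covering /prefix_len blocks.

    A block holding at least min_listed listed hosts becomes one aggregate
    route; hosts in sparser blocks stay as individual host routes.
    Returns (routes, collateral), where collateral counts the unlisted
    addresses covered by the aggregate routes.
    """
    hosts = {ipaddress.ip_address(h) for h in hosts}
    per_block = Counter(
        ipaddress.ip_network(f"{h}/{prefix_len}", strict=False) for h in hosts
    )
    routes, collateral = [], 0
    for block, count in per_block.items():
        if prefix_len < 32 and count >= min_listed:
            routes.append(block)
            collateral += block.num_addresses - count
        else:
            routes.extend(ipaddress.ip_network(str(h)) for h in hosts if h in block)
    routes.sort(key=lambda n: (int(n.network_address), n.prefixlen))
    return routes, collateral

def tradeoff_table(hosts, prefix_lens=(32, 28, 24), min_listed=1):
    """Return (prefix_len, route_count, collateral) for each prefix length."""
    rows = []
    for plen in prefix_lens:
        routes, collateral = aggregate(hosts, plen, min_listed)
        rows.append((plen, len(routes), collateral))
    return rows

if __name__ == "__main__":
    for plen, n_routes, collateral in tradeoff_table(LISTED):
        print(f"/{plen}: {n_routes} routes, {collateral} unlisted addresses blackholed")
```

Raising `min_listed` keeps sparsely listed blocks as host routes, which trades some of the route-count savings back for less collateral.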