North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: blocking AS30060
On Tue, 16 Sep 2003, Will Yardley wrote: > On Tue, Sep 16, 2003 at 01:04:18PM -0400, William Allen Simpson wrote: > > > Are there any adverse side effects, that anybody can think of? > > One is that any mail destined for this host would probably sit in the > queue for the maximum queue lifetime, generally about 4 days, before > bouncing as undeliverable, rather than either being rejected > immediately. On the other hand, if your routers have the CPU cycles to spare, an inbound access-list along the lines of deny tcp 64.94.110.0 0.0.0.255 eq 80 any [whatever other stuff you have] permit ip any any Will block their return traffic from tbe website (including the TCP ack) allowing them to cheerfully syn-flood DDoS themselves if enough people do this. This will kill the web traffic but allow mail. -- Jay Hennigan - CCIE #7880 - Network Administration - [email protected] WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
|