North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: How many backbones here are filtering the makelovenotspam scr eensaver site?

  • From: Elmar K. Bins
  • Date: Fri Dec 03 03:35:37 2004


> That's why I am a very firm believer in the power of "ip route
> x.x.x.x y.y.y.y null0" command.  :)  Makes the problem go away for me
> (for the most part) and doesn't cause anyone else any pain as a
> result except my customers, who agreed to let me use that power when
> they purchased service from me.

I would rather prefer the traffic not hitting anything behind my
transit/peering machinery at all, so the "ip route" alone doesn't
make me happy, I also have to adjust ingress ACLs every once in a

And while Cisco's autosecure feature looks fine in most parts (saves
a lazy overworked bum like me a lot of typing), it does not do much
good - in my opinion - when it comes to bogon filtering. I prefer
knowing what the filter looks like, and it does not seem to give me
that, nor any way of modifying the list (correct me if I'm wrong).

I like the simplicity of, e.g., the Cymru route-server project, giving
me bogon prefixes I can then blackhole, and giving me the opportunity
to filter those prefixes (and hence my filters). Unfortunately, this
only works for egress, and I still have to look after my ingress ACLs.

Oh, and of course this is only a good thing as long as the Cymru folks
can be trusted...



"Begehe nur nicht den Fehler, Meinung durch Sachverstand zu substituieren."
                          (PLemken, <[email protected]>)

--------------------------------------------------------------[ ELMI-RIPE ]---