[unisog] Cleaning up those networks

John Kristoff jtk at depaul.edu
Tue Feb 20 20:46:26 GMT 2007


On Tue, 20 Feb 2007 14:09:46 -0500
Michael Holstein <michael.holstein at csuohio.edu> wrote:

> Brings up an interesting point .. there's been talk over on NANOG about 
> creating a BGP feed for misbehaving hosts/nets so they could be 
> automagically blackholed on a border router.
> 
> Is anyone doing this (internally), and if so, how?

Many have done this.  I even put up some real hacky code for a web
front end for this sort of thing.  The thing is, you'd probably have
to be very careful and selective about what goes into this feed.  You
could easily fill up your table space with thousands and thousands
of addrs/nets with such a scheme.

> I'd love to see a public route-server for that info, but suspect it'd 
> get sued out of existence like some of the dnsBLs for spam.

Maybe, but it also has all the other problems associated with a BL.
Addrs are very transient and you may end up blackholing something
you really might not want to have.  Bottom line, sometimes the cure
isn't worth it.  Mileage may vary, etc, blah blah blah.

By the way, you should consider becoming involved in REN-ISAC.

John

