Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: filtering

  • From: Jon O .
  • Date: Sat Jul 21 19:33:36 2001

On 22-Jul-2001, Andreas Plesner Jacobsen - Tiscali wrote:
> On Sat, Jul 21, 2001 at 03:43:48PM -0700, Jon O . wrote:
> > > A couple of days ago I mentioned here that I have nullrouted the IP which
> > > resolves to. After that I received some mail in private
> > > mentioning not only the fact that I filtered the wrong IP (that's fixt
> > > now) but also the dangers of posting about such a thing here. "Hey, he
> > > nullroutes them, let's do it too!".
> > > 
> > I understand your need to do something like this, but you are 
> > essentially causing the worm to fulfill it's goal and
> > censoring your customers. I worried that many people would do this. 
> No, since it is known that the provider hosting www1 and
> has already blackholed www1, and
> only resolves to www2 now.
> And then there's the big difference between operational stability and
> poltical stability, of which operational is the primary concern to me at
> least.

Yes, because your fix is for this worm and luckily it only attacks www1. 
The next one might not be so benign and blackholing routes is not the 
answer. Also, it makes it harder to ID infected hosts so you can fix them.

Attachment: pgp00017.pgp
Description: PGP signature

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.