>>
>> janitor.
>>
>> No really, the reason for some leaks isn't because so-and-so was
>> never a customer, they were. 5 years ago. nobody removed the
>> routes from
>> the IRR or AS-SET or and now the route is
>> learned via
>> some other location and it's bypassed your perimiter security an
Since there are ways to dynamically filter the bogons, using BGP or DNS,
I don't really see the need to stop doing so. If you're managing your
routing and firewall filters manually, you have bigger problems than the
release of Bogon space.
It's not just the number of attacks that is the issue, bu
In the case of routers and firewalls, managing your block lists
dynamically is akin to checking the oil. Which is something too few car
owners do as well.
It's also relatively easy to do:
For firewalls, I came up with ThreatSTOP to make this simple for
everyone.
Team Cymru has been doing this
>> i contend that all one's routers should be rigorously
>> configured as programmatically as possible.
> What sort of tools do you use to facilitate this?
ntt/verio, level(3), ... have sophisticated locally developed systems.
they see these as competitive advantage, so sharing is extremely
unlik
On Tue, 12 Aug 2008, Jon Lewis wrote:
What would happen if you pinged the Ocala router such that the TTL was 1
when travelling over the DS3? From your traceroute it seems it travelled
two IP hops that did not send ICMP error messages, but it might just be
that the ICMP errors from the Ocala ro
> >From the traces I've seen, it seems if the first Sprint hop is sl-bb20-dc,
> the private IP hops don't show up. If the first Sprint hop is sl-crs2-dc,
> then the private IP hops are there. I wonder if anyone from Sprint can
> shed some light on that?
That's an interesting correlation, but
Is this only happening in one direction? One possibility is that the
carrier has a different circuit that is provisioned up, HDLC, with no
physical connection. A short-circuit in a DACS or MUX is bridging the
transmit interface towards your destination with a transmit interface on
the unused
7 matches
Mail list logo
