[Cialug] Bind...
Jeffrey C. Ollie
jeff at ocjtech.us
Thu Oct 12 16:03:04 CDT 2006
On Thu, 2006-10-12 at 15:58 -0500, Thomas Kula wrote:
> On Thu, Oct 12, 2006 at 01:53:17PM -0700, Aaron Porter wrote:
> >
> > Oh, one caveat; their "bogon" acl, while a really good idea needs to
> > be updated periodically as the blacklisted IP ranges get assigned. If
> > you're the kind of admin that leaves things on autopilot for a while,
> > you might want to avoid that acl -- or risk blacklisting a portion of
> > the net in the future.
>
> Fortunately Team Cymru also tracks network allocations (and
> does a pretty good job of it). A bit of scripting should be
> sufficient to tell you when you should change that acl --- they
> even have a mailing list you can subscribe to that will tell
> you when their list changes.
Even better yet, get a BGP feed from Cymru and null route packets from
bogus IP addresses. If you don't have a AS number they'll assign you a
private one. OpenBSD has OpenBGPD and Quagga runs on just about
anything else.
Jeff
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://cialug.org/pipermail/cialug/attachments/20061012/b52f6b3e/attachment.pgp
More information about the Cialug
mailing list