On Thu, Dec 23, 2004 at 03:57:56PM +0000, Earle Martin wrote:
> Dave, perhaps you might like to elucidate on the basics of BGP for those of
> us who aren't familiar with it.
Yes, and a correction to your image too :-)
BGP (Border Gateway Protocol) is what ISPs use to figure out how to
route a packet from one host to another half way round the world. It
works by ISPs "announcing" that they can route to (eg) all hosts in
NETMASK/BITS. eg, 22.214.171.124 is a BBC web server. Auntie
announces a route to 126.96.36.199/19. That notation means "the netblock
which contains IP 188.8.131.52 and all other IPs which have the same
first 19 bits". Obviously, the smaller the number of leading bits a
block shares, the larger the block.
The idea is that when a wikiadmin sees some spam, they would look at a
view of the routing table (I have a script which does this using
route-views.org's very nice DNS-ish view of the routing table at the
University of Oregon) to see what netblock was being announced that
contained the spammer's IP, and would greylist the entire block [Earle -
it might be bigger or smaller than a /20]. They would also BLACKlist
the spammer's /24 or, if the netblock is smaller than /24, blacklist just
that smaller block.
We blacklist a /24 as well as greylisting a larger block for reasons of
route aggregation, ISPs being spam-friendly, and so on. I can explain
in great detail and at great length over a beer ;-)
I have a script which I use for this sort of stuff, contact me off-list
if you want a copy.
It's very important to note that no blacklisting or greylisting should
happen without an admin's say-so. Although I would very strongly
recommend blacklisting all the networks at:
(explanation at http://www.spamhaus.org/drop/)
and at least greylisting (but preferably blacklisting) all of:
(explanation at http://www.okean.com/asianspamblocks.html)
FWIW, I have all of those netblocks blacklisted (plus several others)
in my mail sewer config, and there is no noticeable performance hit.
David Cantrell | Reality Engineer, Ministry of Information
It requires zero configuration once you're configured properly
-- pudge, talking about Rendezvous (zeroconf) in Jagwyre
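The procedure Dave describes (find the announced netblock containing the spammer's IP, greylist that whole block, blacklist the /24 or the announced block if it is smaller) as an added, illustrative example. This is not Dave's script and does no lookup against route-views.org; the routing table is a constructed snapshot of announced prefixes in RFC 5737 documentation ranges, and the function names are my own. The longest-prefix match is what a real routing-table lookup does, so the same logic generalises to any list of announced prefixes.

```python
"""Added example, not the original poster's script.

Given an IP seen spamming and a snapshot of announced BGP prefixes, find the
most specific announced netblock containing it (longest-prefix match), then:
  - greylist: the whole announced netblock
  - blacklist: the spammer's /24, or the announced block if it is smaller
"""
import ipaddress

# Constructed sample standing in for a route-views snapshot.  These are
# RFC 5737 documentation addresses, not real announcements.
ANNOUNCED_PREFIXES = [
    "192.0.2.0/24",
    "198.51.100.0/22",
    "198.51.100.0/25",   # more specific announcement inside the /22
    "203.0.113.0/24",
    "203.0.113.128/26",  # announcement smaller than a /24
]


def shares_leading_bits(a, b, n):
    """True if IPv4 addresses a and b have the same first n bits, i.e. both
    fall in the same /n (this is what the NETBLOCK/BITS notation means)."""
    ia = int(ipaddress.IPv4Address(a))
    ib = int(ipaddress.IPv4Address(b))
    return (ia >> (32 - n)) == (ib >> (32 - n))


def announced_block(ip, prefixes=ANNOUNCED_PREFIXES):
    """Longest-prefix match: the most specific announced netblock that
    contains ip, or None if nothing announced covers it."""
    addr = ipaddress.ip_address(ip)
    best = None
    for p in prefixes:
        net = ipaddress.ip_network(p, strict=False)
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return best


def blocks_for_spammer(ip, prefixes=ANNOUNCED_PREFIXES):
    """Return the greylist and blacklist blocks for a spamming IP, as strings,
    or None if the IP is not covered by any announced prefix (an admin would
    then have to decide by hand)."""
    addr = ipaddress.ip_address(ip)
    grey = announced_block(ip, prefixes)
    if grey is None:
        return None
    # strict=False masks off the host bits, giving the enclosing /24.
    slash24 = ipaddress.ip_network(f"{addr}/24", strict=False)
    # A /25, /26, ... is smaller than a /24, so blacklist just that block.
    black = grey if grey.prefixlen > 24 else slash24
    return {"greylist": str(grey), "blacklist": str(black)}


if __name__ == "__main__":
    for ip in ("198.51.101.9", "198.51.100.77", "203.0.113.150", "10.1.1.1"):
        print(ip, "->", blocks_for_spammer(ip))
```

Nothing here should be applied automatically: as the post says, the block to greylist or blacklist is a decision for an admin, and this only computes what the candidate blocks would be.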