On Wednesday 10 December 2008, Markus Wild wrote:
Excuse my ignorance, since I didn't make it to last SWINOG... the description on their web site implies the system is using BGP to distribute the black list. Assuming this just distributes IP addresses of web servers hosting questionable content, by blocking those, will that not block content of ALL hostings hosted on that IP address? What about hosters who also host other services on that IP address, like perhaps DNS and mail services? I recall a time where an email RBL was implemented using BGP blackholing, and we ran into exactly those problems...
As far as I understand it from my desk, the box routes traffic for listed IPs to itself and screens the contents on application level. "good" traffic is left and passed on, "bad" traffic is treated in an unknown manner (dropped, rerouted *don't know*). This is why it's an absolutely moronic idea to blacklist large sites like wikipedia...
One can clearly see what happens if you route traffic for a website hosted on several hundreds of webservers through a tiny little screening firewall sitting on a tiny little box. *lol*
have fun, Michi