Todd A. Jacobs wrote:
> Since a few people asked me offlist how to drop routes, here's
> a 10-second how-to:
>
> As root, enter the following commands:
>
> route add -host 64.94.110.11 reject
> route add -host 12.158.80.10 reject
>
> As anyone, verify that the routes have been dropped:
>
> netstat -rn
>
> Your routing table should now include the following routes:
>
> Kernel IP routing table
> Destination Gateway Genmask Flags MSS Window irtt Iface
> 64.94.110.11 - 255.255.255.255 !H - - - -
> 12.158.80.10 - 255.255.255.255 !H - - - -
>
> This works a lot better than firewalling or /etc/host entries
> IF AND ONLY IF you drop routes on all the relevent IPs. But
> I've done it here, and it works great. :)
I'm not sure if this is really a viable solution, but in trying
to find out what routes to drop I've discovered the interesting
wildcard feature of the whois server. This, with some cleanup,
gives me a nice list of 43 IP blocks registered to Verisign.
Now, how useful is this data? I'm hesitant to simply drop all
routes to these blocks, as some are probably sublet to
respectable companies. I don't think I'd mind dropping all Class
C networks registered to Verisign, but I think dropping Class
B would be overdoing it.
So is this a reasonable undertaking? If I'm willing to give up
all services Verisign might offer directly *sniffle*, is this
a decent strategy? Or critically flawed? Or just misled?
TIA,
Tim Hammerquist
--
Everybody wants prosthetic foreheads on their real heads.
-- They Might Be Giants, "We Want a Rock..."
_______________________________________________
RLUG mailing list
[EMAIL PROTECTED]
http://www.rlug.org/mailman/listinfo/rlug
