On 13/8/21 5:08 pm, Rob PE1CHL via 44Net wrote:
Of course they have. They can apply whatever filter they deem necessary
on their own router. They can submit their request to have incoming internet
traffic and be registered in the address list, and then still drop anything else
than what they want to handle.
No need to bring up "but what if the user does not know how to do that,
or what if they do not have a router which can do that" because in that
case they will not request the internet traffic and by default they won't have it.
There are definite advantages to having it done upstream - traffic
management and delegating the "ensuring it works" to people who _really_
know what they're doing.
Sure the implementation could also allow some different classes e.g.
- only some well-known hamradio services
- webserver
- ...
- everything
Sounds like a nice selection - a mix of the first one and "listed BGP
routed subnets" would probably be a fit for me.
It would make it more complex but it could reduce the amount of traffic
unnecessarily forwarded to users (over slow links).
Which is a big issue these days. The further upstream this unwanted
traffic is stopped, the better for the network.
We also have a "trapdoor" firewall that automatically blocks source
addresses that "portscan" 44.137.x.x subnets that are not allocated.
So those pesky "researchers" are automatically blocked the first time
they hit an unallocated subnet, and as they do their research without
first checking how the space is used, that is usually quite quickly.
(there are typically about 70000 addresses in that automatic list)
Incoming traffic from these addresses is not forwarded at all.
Another good idea!
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
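
The "trapdoor" behaviour described in the quoted text above, sketched as an added example; it is not part of the original message and not the code of the gateway being discussed. The allocated subnets, the sample packets and all names in it are constructed assumptions; only the 44.137.x.x range and the rule "first hit on unallocated space lists the source, listed sources are not forwarded at all" come from the thread.

```python
import ipaddress

# Assumptions (constructed, not from the thread): which subnets are allocated.
MONITORED = ipaddress.ip_network("44.137.0.0/16")
ALLOCATED = [ipaddress.ip_network(n) for n in ("44.137.0.0/24", "44.137.40.0/22")]


class Trapdoor:
    """List a source the first time it touches unallocated monitored space."""

    def __init__(self, monitored, allocated):
        self.monitored = monitored
        self.allocated = allocated
        self.blocked = set()  # source addresses caught so far

    def is_unallocated(self, dst):
        # Inside the monitored range but not inside any allocated subnet.
        return dst in self.monitored and not any(dst in n for n in self.allocated)

    def decide(self, src, dst):
        """Return 'forward', 'trap' (newly listed) or 'drop' (already listed)."""
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src in self.blocked:
            return "drop"  # listed sources are not forwarded to any destination
        if self.is_unallocated(dst):
            self.blocked.add(src)
            return "trap"  # the packet that springs the trap is not forwarded
        return "forward"


# Constructed sample traffic (documentation address ranges as sources).
SAMPLE = [
    ("203.0.113.9", "44.137.0.10"),    # allocated destination
    ("198.51.100.7", "44.137.40.1"),   # allocated destination
    ("198.51.100.7", "44.137.200.1"),  # unallocated: source gets listed
    ("198.51.100.7", "44.137.40.1"),   # same source, now dropped everywhere
    ("203.0.113.9", "44.137.0.10"),    # unrelated source is unaffected
]


def run(packets):
    """Replay packets; return the decisions and the resulting block list."""
    fw = Trapdoor(MONITORED, ALLOCATED)
    decisions = [fw.decide(s, d) for s, d in packets]
    return decisions, sorted(str(a) for a in fw.blocked)


if __name__ == "__main__":
    print(run(SAMPLE))
```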