North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: FBI tells the public to call their ISP for help
Once upon a time, John Levine <johnl@xxxxxxxx> said: > I realize it's not a technical problem, although I suspect there are > some technical twiddles that could help, e.g., persuading Microsoft to > put the update servers in their own ASN to make it easier to put them > in a sandbox. And I realize that Microsoft's combination of arrogance > and naivete can make them painful to deal with. $ dig download.windowsupdate.com ;download.windowsupdate.com. IN A download.windowsupdate.com. 3411 IN CNAME main.dl.wu.akadns.net. main.dl.wu.akadns.net. 111 IN CNAME dom.dl.wu.akadns.net. dom.dl.wu.akadns.net. 111 IN CNAME dl.wu.ms.edgesuite.net. dl.wu.ms.edgesuite.net. 8080 IN CNAME a26.ms.akamai.net. a26.ms.akamai.net. 20 IN A 220.127.116.11 a26.ms.akamai.net. 20 IN A 18.104.22.168 $ If you have Akamai servers, the IPs will be on your network (and of course shared with many other sites). You'd have to limit access with a limited DNS server (since few will use or even know IPs to visit) that only gives out DNS for certain hosts/domains. -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.