Users should be aware of the following changes to the way Internet traffic is routed to South African higher educational institutions:

QUOTE(TENET @ Fri, 13 Aug 2004 10:59:32 +0200)
Some time ago I announced that TENET's Board had approved the implementation of the MAPS Realtime Blackhole List (RBL) at the HEIST  International Gateway.  Getting this done has taken an extraordinarily long time, but Telkom has now implemented the BGP version of the MAPS RBL on the HEIST International Gateway router. There are some 5000 prefixes in the RBL and the router simply drops all (repeat, all) outbound IP packets destined for any IP address in the list.  In particular, this prevents TCP handshakes from completing, an so stops all connections, including mail transmissions, from even starting.


More information on the MAPS RBL is available on their web site. Technical implementation details can be found at the packet clearing house.

This should, for the most part, be transparent to users.

Some possible side effects of the use of these BGP-based block lists are:
- users visiting the web sites of RBL listed hosts will receive an ERR_CONNECT_FAIL error from the cache servers.
- users trying to access any TCP-based services on RBL listed hosts will either receive a connection refused error or their connection will eventually time out.
- unlike in the past where comprehensive logs were available, we will have no record of e-mail which is rejected by the HEIST routers as SPAM. Logs of e-mail that is locally rejected will still be available.

We're interested in hearing about any difficulties relating to this service you experience so that we can pass this information on to our upstream providers. Please ensure, however, that the remote site concerned is in fact listed in the block list before blindly assuming this to be the reason you can't connect to it.