[179384] in North American Network Operators' Group
Re: Cisco/Level3 takedown
daemon@ATHENA.MIT.EDU (Edouard Chamillard)
Thu Apr 9 18:08:32 2015
X-Original-To: nanog@nanog.org
Date: Thu, 09 Apr 2015 23:12:09 +0200
From: Edouard Chamillard <edouard.chamillard@ablogix.fr>
To: Chris Boyd <cboyd@gizmopartners.com>, "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <2E72A97E-8C1D-4CF9-9634-102313FB2108@gizmopartners.com>
Errors-To: nanog-bounces@nanog.org
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--rD1c5wcLPvSPEMDlFUXfxd0fDF7IRFdEI
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Le 09/04/2015 22:39, Chris Boyd a =E9crit :
>> On Apr 9, 2015, at 3:01 PM, Matt Olney (molney) <molney@cisco.com> wro=
te:
>>
>> In response to Sameer Khosla's comment that we should work with the en=
tire
>> service provider community:
>>
>> Talos is the threat intelligence group within Cisco. We absolutely
>> welcome discussions with any network operator on how we can improve th=
e
>> state of security on the Internet. Please contact me directly via ema=
il
>> and we can have a discussion about how we can work together going forw=
ard.
> While I agree that the (at least temporary) mitigation of the threat wa=
s overall a good thing, I'm not really happy with the method used. Decis=
ions to drop/block/filter traffic should be done locally. I would have a=
ppreciated Talos coming to the various *nog lists and saying something li=
ke "Hey, there's some really bad guys here. Here's the evidence of their=
bad behavior, you really should block them." That probably would have h=
ad a wider reach than just going to Level3.
>
> --Chris
>
Seconded
this kind of decision should be left to the various providers, and be
taken openly. while i am sure the decision has been taken with the best
intention, i'd prefer not seeing this kind of power wielded in a
discretionary fashion. 'tis a road that can lead to places i'm pretty
sure nobody wants to go.
--rD1c5wcLPvSPEMDlFUXfxd0fDF7IRFdEI
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVJuszAAoJEBNLpylKOK4iSDcH/0UjUEtsRkSzbBPIllYaStGy
z/Tmm59632QDK22ti8qRhtdfe7s9mzR/8zIrQMk25E6pdzu3Y8gKI5mZAbMM6BoL
f9cqO9qO1kajigSSodDTnaLCsYRkWkD+FwmpvbWtKNTDRNySRMzDsZLVI/VgV8eJ
uffFT+ti+M0F+Pp60igcJSRIvZf7ZO/GQKT4cYC84Ep+trshXPZMC+D8cs0rl0Ar
ZI2RKhuR8DrGWnfPCrLNBOL/a5p7BVZbWanYkt1ZHuMj5s5OoJj3UE+/9ncY2VHF
U0R9nGSx172mqQElgxOogRC0AWIe2+fNGEnCbDKTKwXM1OEB/73N6yv+5KWs7q4=
=X0EB
-----END PGP SIGNATURE-----
--rD1c5wcLPvSPEMDlFUXfxd0fDF7IRFdEI--
